on Fri, Aug 01, 2003 at 08:21:14AM +0800, Louie Miranda (louie@axishift.ath.cx) wrote:
> Hello,
>
> Is there any Debian package that can check a compromised box?

As previously noted, chkrootkit is one palliative.

Note that once a box is suspect, your trust in any of its output is
equally suspect. You must analyze it from known good media (say, a
Knoppix boot disk).

A mix of chkrootkit, debsums, and the new tripwire replacement (aide,
integrit), would probably be good. Reinstall from known good sources
would be strongly recommended.

Peace.

--
Karsten M. Self <kmself@ix.netcom.com> http://kmself.home.netcom.com/
What Part of "Gestalt" don't you understand?
Verio webhosting? Guaranteed downtime:
http://www.wired.com/news/politics/0,1283,57011,00.html
http://www.dowethics.com/r/environment/freedom.html
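
The offline check described in the reply above, as an added example that is not part of the original message: a debsums-style comparison run from the rescue system against the mounted suspect root. The function name, its arguments and the paths in the comments are assumptions made for this example; it relies on the dpkg `*.md5sums` list format (MD5 digest, two spaces, path relative to `/`).

```shell
#!/bin/sh
# Added example: verify package files on a suspect disk from known-good
# media (e.g. a Knoppix boot) with the suspect root mounted read-only.
# verify_root and its arguments are names chosen for this example.
#
# verify_root ROOT [SUMS_DIR]
#   ROOT      mount point of the suspect filesystem, e.g. /mnt/suspect
#   SUMS_DIR  directory of dpkg *.md5sums lists. Defaults to the copy on
#             the suspect disk, which an intruder could have altered, so
#             pass lists from a known-good source when you have them.
# Prints "CHANGED <path>" or "MISSING <path>" per finding.
# Returns 0 if all files match, 1 on any finding, 2 if no lists exist.
verify_root() {
    local root sums_dir list sum path actual status found
    root=${1%/}
    sums_dir=${2:-$root/var/lib/dpkg/info}
    status=0
    found=0
    for list in "$sums_dir"/*.md5sums; do
        [ -e "$list" ] || continue
        found=1
        # Each line: 32 hex digits, two spaces, path relative to /
        while read -r sum path; do
            [ -n "$path" ] || continue
            if [ ! -f "$root/$path" ]; then
                echo "MISSING /$path"
                status=1
                continue
            fi
            # md5sum resolves from the rescue system's PATH, not the
            # suspect disk, so the tool doing the hashing is trusted.
            actual=$(md5sum < "$root/$path" | cut -d' ' -f1)
            if [ "$actual" != "$sum" ]; then
                echo "CHANGED /$path"
                status=1
            fi
        done < "$list"
    done
    if [ "$found" -eq 0 ]; then
        echo "no md5sums lists found in $sums_dir" >&2
        return 2
    fi
    return "$status"
}

# Run directly as: sh verify_root.sh /mnt/suspect [/path/to/trusted/lists]
[ $# -eq 0 ] || verify_root "$@"
```

A clean result only covers files that ship with a checksum list; configuration files and anything added outside the package system are not examined.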