
Re: /bin/login listening?



On 2007-07-29, Douglas Allan Tutty <dtutty@porchlight.ca> wrote:
> On Sun, Jul 29, 2007 at 12:48:16PM +0000, Tyler Smith wrote:
>> On 2007-07-29, Jeff D <fixedored@gmail.com> wrote:
>  
>> I ran rkhunter again, and then for good measure I aptitude --purged
>> it, reinstalled, and ran again. And then I thought maybe the whole
>> thing was compromised, so I purged it again, installed rkhunter 1.30
>> from sourceforge, and ran again. And I also ran chkrootkit. In all
>> cases they showed nothing happening, except for warning me that some
>> of my /bin executables had been replaced by scripts -- stuff like
>> egrep, fgrep etc.
>> 
>> So perhaps it was just a false positive. I'm going to read up on
>> security stuff now, so maybe I'll have some idea how to proceed the
>> next time.
>> 
>
> It's tricky.  If you have been rooted, you can't trust anything on the
> system, including aptitude.  As for reading, try the package harden-doc.
>

That's what I was thinking. But is there any way a rootkit could
interfere with my downloading and compiling from source? I was hoping
that doing things 'by hand' would limit the possibilities for
compromising the result.

I will look at harden-doc. I'm working through the Linux how-to
security quick start at the moment.

Thanks,

Tyler
 


