
Re: How to detect whether your machine is compromised?



On Fri, Oct 05, 2007 at 09:49:37PM +0530, Raj Kiran Grandhi wrote:
> Hi,
>
> There is an article on slashdot,
> http://it.slashdot.org/article.pl?sid=07/10/05/1234217&from=rss which says 
> that most of the phishing sites are being run from rootkitted linux boxes. 
> I dunno how accurate their analysis is (the results were not released), 
> however I wonder if there is any way to establish whether a given machine 
> is compromised or not.

I think that article is mostly FUD (note that it's sponsored by MS) but
your question is still a good one. There are many articles on how to
secure a Linux box. Start with apt-get'ing harden-doc.

To determine that a system is not compromised, you have to start with
a system that's not compromised. Once you get that (try a live-cd as a
way to examine a previously installed system) go for packages like
tiger and tripwire. Read up on them, learn them and then use them.

A
