Re: How to detect whether your machine is compromised?

To: debian user <debian-user@lists.debian.org>
Subject: Re: How to detect whether your machine is compromised?
From: Jeff D <fixedored@gmail.com>
Date: Fri, 5 Oct 2007 12:18:44 -0700 (PDT)
Message-id: <[🔎] Pine.LNX.4.62.0710051204350.16423@proto.technobounce.com>
In-reply-to: <[🔎] 47066419.8000902@gmail.com>
References: <[🔎] 47066419.8000902@gmail.com>

On Fri, 5 Oct 2007, Raj Kiran Grandhi wrote:

Hi,

There is an article on slashdot,
http://it.slashdot.org/article.pl?sid=07/10/05/1234217&from=rss which saysthat most of the phishing sites are being run from rootkitted linux boxes. Idunno how accurate their analysis is (the results were not released), howeverI wonder if there is any way to establish whether a given machine iscompromised or not.
Are there any tools available that one can run on a regular basis? Whatmeasures can we take to ensure that we are somehow alerted if our system getscompromised?
Regards,
Raj Kiran

2 good tools to install are rkhunter and aide. rkhunter does a good jobof finding root kits and alerting you of anything it find suspicious, inmy tests I have done. Aide, is file integrity checker and will notify youof any changes made to the filesystem, such as added files, modifiedfiles, deleted files and what not.

Its always a good idea to install these from the beginning as it gets moredifficult over time to determine what has been changed or added.


hth
jeff

-+-
8 out of 10 Owners who Expressed a Preference said Their Cats Preferred Techno.

Reply to:

References:
- How to detect whether your machine is compromised?
  - From: Raj Kiran Grandhi <grajkiran@gmail.com>

Prev by Date: Re: Finding installed dependencies?
Next by Date: Re: HELP! can't become root
Previous by thread: Re: How to detect whether your machine is compromised?
Next by thread: Re: How to detect whether your machine is compromised?
Index(es):
- Date
- Thread