
Re: Detecting a compromised system



On Sunday 15 February 2009 13:06:29 Nikolaus Rath wrote:
> I expected that it would be pretty easy to spot these modifications.
> So I did exactly the above and then tried to "detect" my changes.
>
> I first looked for any additional packages that might help me with
> this and installed (and configured to the best of my knowledge)
> checksecurity and tiger.

Most security audit tools actually depend on being able to inventory the 
system before an attack.  Installing them after you are 'sploited doesn't 
help.

Try installing them, then making a change that's not detectable.
-- 
Boyd Stephen Smith Jr.                   ,= ,-_-. =.
bss@iguanasuicide.net                   ((_/)o o(\_))
ICQ: 514984 YM/AIM: DaTwinkDaddy         `-'(. .)`-'
http://iguanasuicide.net/                    \_/
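
The point made in the reply above, shown as an added example that is not part of the original message or of checksecurity or tiger: a file inventory only reveals a change when it was recorded before the change. The temporary directory, the file names and their contents are constructed for the illustration.

```python
import hashlib, os, tempfile

def snapshot(root):
    """Return {relative path: (sha256 hex, mode, size)} for regular files under root."""
    inv = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue
            st = os.stat(path)
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            inv[os.path.relpath(path, root)] = (digest, st.st_mode, st.st_size)
    return inv

def compare(baseline, current):
    """Return sorted (added, removed, changed) path lists relative to the baseline."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    changed = sorted(p for p in baseline.keys() & current.keys()
                     if baseline[p] != current[p])
    return added, removed, changed

def demo():
    """Constructed scenario: one file is altered and one is added in a temp tree."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "bin"))
        target = os.path.join(root, "bin", "login")
        with open(target, "wb") as fh:
            fh.write(b"original-build\n")
        before = snapshot(root)            # inventory taken while the tree is trusted
        st = os.stat(target)
        with open(target, "wb") as fh:
            fh.write(b"modified-build\n")  # same length as the original content
        os.utime(target, (st.st_atime, st.st_mtime))  # timestamps put back
        with open(os.path.join(root, "bin", "extra"), "wb") as fh:
            fh.write(b"new file\n")
        after = snapshot(root)             # inventory first taken after the change
        early = compare(before, snapshot(root))
        late = compare(after, snapshot(root))
        return early, late

if __name__ == "__main__":
    early, late = demo()
    print("inventory taken before the change:", early)
    print("inventory taken after the change: ", late)
```

The comparison against the earlier inventory reports the added and the altered file even though size and timestamps match; the comparison against the later inventory reports nothing, because the altered state is what it recorded as normal.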
