On 29 Jul 2007 13:47:30 GMT Tyler Smith <[EMAIL PROTECTED]> wrote:

> On 2007-07-29, Douglas Allan Tutty <[EMAIL PROTECTED]> wrote:
> > On Sun, Jul 29, 2007 at 12:48:16PM +0000, Tyler Smith wrote:
> >> On 2007-07-29, Jeff D <[EMAIL PROTECTED]> wrote:
> >
> >> I ran rkhunter again, and then for good measure I aptitude --purged
> >> it, reinstalled, and ran again. And then I thought maybe the whole
> >> thing was compromised, so I purged it again, installed rkhunter 1.30
> >> from sourceforge, and ran again. And I also ran chkrootkit. In all
> >> cases they showed nothing happening, except for warning me that some
> >> of my /bin executables had been replaced by scripts -- stuff like
> >> egrep, fgrep etc.
> >>
> >> So perhaps it was just a false positive. I'm going to read up on
> >> security stuff now, so maybe I'll have some idea how to proceed the
> >> next time.
> >>
> >
> > It's tricky. If you have been rooted, you can't trust anything on the
> > system, including aptitude. As for reading, try the package harden-doc.
> >
>
> That's what I was thinking. But is there any way a rootkit could
> interfere with my downloading and compiling from source? I was hoping
> that doing things 'by hand' would limit the possibilities for
> compromising the result.
In theory, certainly. Your downloading agent is probably invoking system
libraries, which may be compromised and substituting bad source. The system
may not even be running your download agent at all! Or it may subsequently
lie to you and assure you that it's running the downloaded app when it
really isn't. Whether all this is at all plausible is a different question.

> I will look at harden-doc. I'm working through the Linux how-to
> security quick start at the moment.
>
> Thanks,
>
> Tyler

Celejar
-- 
mailmin.sourceforge.net - remote access via secure (OpenPGP) email
ssuds.sourceforge.net - A Simple Sudoku Solver and Generator
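The thread's point is that a rooted system cannot be trusted to check itself, so the check has to run from outside it. As an added example (not code from the thread or from rkhunter), the script below is the kind of thing one would run from a trusted rescue medium against the suspect disk mounted read-only: it compares files against dpkg's per-package md5sums manifests and flags entries that are missing, modified, or that have turned from an ELF binary into a shell script, which is the warning rkhunter gave above. The directory layout and file contents in `demo()` are constructed sample data.

```python
"""Verify a mounted root filesystem against dpkg md5sums manifests
(the /var/lib/dpkg/info/<pkg>.md5sums format: '<md5>  <path relative to />').
Intended to be run from a trusted rescue boot, never from the suspect system."""
import hashlib
import os
import tempfile

ELF_MAGIC = b"\x7fELF"

def parse_md5sums(text):
    """Return {relative path: expected md5 hex} from one manifest's text."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if line:
            digest, _, rel = line.partition("  ")
            entries[rel] = digest.lower()
    return entries

def classify(path):
    """Look at the first bytes: 'elf', 'script' (#!), 'missing' or 'other'."""
    try:
        with open(path, "rb") as f:
            head = f.read(4)
    except FileNotFoundError:
        return "missing"
    if head.startswith(ELF_MAGIC):
        return "elf"
    return "script" if head.startswith(b"#!") else "other"

def verify_root(mount_point, manifests):
    """Return [(relative path, finding)] for every entry that does not match."""
    findings = []
    for text in manifests:
        for rel, expected in parse_md5sums(text).items():
            full = os.path.join(mount_point, rel)
            kind = classify(full)
            if kind == "missing":
                findings.append((rel, "missing"))
                continue
            with open(full, "rb") as f:
                actual = hashlib.md5(f.read()).hexdigest()
            if actual != expected:
                findings.append((rel, "modified (now a script)" if kind == "script" else "modified"))
    return findings

def demo():
    """Constructed sample tree: egrep intact, fgrep replaced by a script, grep gone."""
    root = tempfile.mkdtemp()
    os.mkdir(os.path.join(root, "bin"))
    genuine = ELF_MAGIC + b"\x02\x01\x01" + b"\x00" * 9 + b"genuine binary"
    expected = hashlib.md5(genuine).hexdigest()
    with open(os.path.join(root, "bin", "egrep"), "wb") as f:
        f.write(genuine)
    with open(os.path.join(root, "bin", "fgrep"), "wb") as f:
        f.write(b"#!/bin/sh\necho replaced\n")  # constructed stand-in for a swapped file
    manifest = "\n".join(f"{expected}  bin/{name}" for name in ("egrep", "fgrep", "grep"))
    return verify_root(root, [manifest])

if __name__ == "__main__":
    for rel, finding in demo():
        print(f"{rel}: {finding}")
```

The manifests themselves live on the suspect disk and can be edited by whoever replaced the binaries, so the reference hashes should really be taken from freshly downloaded .deb files on the trusted machine rather than from /var/lib/dpkg/info.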

