As a routine, there is a program called chkrootkit available at http://www.chkrootkit.org/. It does a check for known rootkits, lastlog deletions, strings replacement and more. Right now the list of rootkits/worms is about 30, so it's a pretty current program. Like anything else it's not a cure-all, but every tool helps and it runs fast. I've got it on a daily cron job on mine.
James

On Thu, 23 May 2002 17:50:37 -0600 FemmeFatale <[EMAIL PROTECTED]> wrote:

> [EMAIL PROTECTED] wrote:
> >
> > >>
> > I can't address the rest but I do know some stuff about cracking
> > *don't ask, and if you must ask do so pvtly*. I know that the first
> > utils a cracker will replace/redo/delete/alter are:
> >
> > ps/ls/time/cp/rm
> >
> > those are fairly standard, and yes generating phony logs isn't hard.
> > Rootkits are widely available to do so with. Need proof, I'll get
> > you URLs pvtly.
> >
> > If you want some decent info on this subject with a very legal bent,
> > try www.sec33.com.
> > --
> > Femme
> > >>
> >
> > Add netstat to the short list of favorite utilities to change.
> > I have also, unfortunately (!) gathered some first-hand info
> > about the techniques used... I will check my crucial binaries
> > against the CD ones tonight, it may be that the md5sums I have
> > were done on already-compromised binaries...
> >
> > Thanks for your time,
> >
> > Serge Pineault
> >
>
> *nods* Ty I did forget that one. I hope you haven't been hacked, and
> doubt it highly in fact.
>
> However in case you have been you have my sympathies & may wish to
> check that site I mentioned as it has tons of info on security too.
>
> --
> Femme
>
> Good Decisions Your boss Made:
>
> "We'll do as you suggest and go with Linux. I've always liked that
> character from Peanuts."
>
> - Source: Dilbert
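
The check discussed in the thread (comparing the commonly replaced utilities against known-good copies rather than against md5sums that may have been taken after a compromise), as an added example that is not part of the original messages. It assumes a reference tree extracted from trusted read-only media and laid out like `/`; the search directories and the function name `check_binaries` are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): compare the utilities named in the
# thread against a trusted reference tree instead of trusting stored md5sums.
# Assumption: REF_ROOT holds known-good copies laid out like "/".

UTILS="ps ls time cp rm netstat"      # the utilities listed in the thread
DIRS="bin sbin usr/bin usr/sbin"      # assumed locations to search

# check_binaries LIVE_ROOT REF_ROOT
# Prints "STATUS path" for every listed utility found under LIVE_ROOT:
#   OK        byte-identical to the reference copy
#   MISMATCH  differs from the reference copy
#   NOREF     no reference copy exists to compare against
# Returns 0 only if every utility found is OK.
check_binaries() {
    live=$1
    ref=$2
    rc=0
    for d in $DIRS; do
        for u in $UTILS; do
            [ -f "$live/$d/$u" ] || continue
            if [ ! -f "$ref/$d/$u" ]; then
                echo "NOREF $d/$u"
                rc=1
            elif cmp -s "$live/$d/$u" "$ref/$d/$u"; then
                echo "OK $d/$u"
            else
                echo "MISMATCH $d/$u"
                rc=1
            fi
        done
    done
    return $rc
}

# Usage: script LIVE_ROOT REF_ROOT  (both paths are supplied by the caller)
if [ "$#" -eq 2 ]; then
    check_binaries "$1" "$2"
fi
```

Run it from a rescue boot or with `cmp` taken from the trusted media, since a system with a replaced `ls` can just as easily have a replaced `cmp`. A MISMATCH can also mean the package was legitimately updated after installation, so compare against the matching package version before drawing conclusions.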
