Another very good supplementary tool, used in Linux, is the netstat tool
used in such a fashion:

                             #netstat -veenp | more

The reason for the pipe is that you will get tons of info on ports,
datagrams, unix connections, you name it.  You will actually see what process
has ownership to what object or process in Linux.  Some builds of Linux's
netstat command do not support the "p" flag though.  I suppose you can do
this netstat during a supposed recipient of an exploit or if things seem
weird.

Now, I use a program called 'check-ps' that checks for proc's and ps's
structure and kills unknown processes.  I'll let you know now that if you
install this program and do not daemonize it, it'll leave hard to delete
temp folders/directories like this:

                                . ???!??????000!!  ??

Is that wild or what???!!  Guess I'll need to contact the creator for tips
on these directory deletions.




>Date: Mon, 14 Feb 2000 15:34:03 -0500 
>From: "Baribault, Gary" <[EMAIL PROTECTED]> 
>Subject: Re: Fwd: TrinityOS SUID results for Jan 26
>
>Looks like I can relax and look for a modified solution for the SUID 
>comparison. I was bitten by an irregularity in the LS command.. (See below)
>
>Thank you all again for the prompt responses. I can cancel the order for 
>tranquilizers. 
>
>Gary B 
>
>BTW is anyone else running into this problem of doing a diff on the results
>of a LS command? 
>
>
>At 01:28 PM 2/14/00 -0600, you wrote: 
>>Looks like you are getting bit by the ls(1) command.  The way it behaves, 
>>is that anything older than a given time frame (typically six months) is 
>>displayed with a year, and anything younger is displayed with the time. 
>>Also Future dates are displayed with the year. 
>> 
>>If you are checking for date changes, you should probably have a perl 
>>script that can check the EPOCH date value, and also do things like 
>>MD5(1) checksums. 
>> 
>>There are a few freeware products out there that already do this type of 
>>stuff. 
>> 
>>Hope this helps. 
>> 
>>-- 
>>Chris Riney                     E-mail: [EMAIL PROTECTED] 
>>Tandy Information Services 
>>Tandy Technology Sqr, Suite 200 
>>Fort Worth, TX 76102             Phone: 817/415-0308; 8:00am-5:00pm CST,Mo-Fr 
>>*** NOTICE: This in no way authorizes use of This E-mail address, 
>>***   or any mentioned in this message, to be included in any Mailing list!  
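
The quoted advice (compare the epoch date value and a checksum instead of diffing ls output) could be sketched as follows. This is an added example, not code from anyone in the thread or from TrinityOS; it uses Python rather than the Perl the reply mentions, and the function names and the choice of recorded fields are assumptions.

```python
import hashlib
import os
import stat

SPECIAL_BITS = stat.S_ISUID | stat.S_ISGID  # setuid and setgid bits


def file_md5(path):
    """MD5 of the file contents (the digest the thread names), or 'unreadable'."""
    digest = hashlib.md5()
    try:
        with open(path, "rb") as fh:
            for chunk in iter(lambda: fh.read(65536), b""):
                digest.update(chunk)
    except OSError:
        return "unreadable"  # recorded, so a permission change also shows up
    return digest.hexdigest()


def snapshot(root):
    """Map each SUID/SGID regular file under root to
    (mode, uid, gid, size, epoch mtime, md5)."""
    result = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: never follow symlinks
            except OSError:
                continue  # file vanished during the walk
            if not stat.S_ISREG(st.st_mode) or not st.st_mode & SPECIAL_BITS:
                continue
            # Integer epoch seconds: unlike ls output, the representation
            # does not change once the file is older than six months.
            result[path] = (stat.S_IMODE(st.st_mode), st.st_uid, st.st_gid,
                            st.st_size, int(st.st_mtime), file_md5(path))
    return result


def compare(old, new):
    """Return sorted (path, status) pairs: 'added', 'removed' or 'changed'."""
    report = []
    for path in sorted(set(old) | set(new)):
        if path not in old:
            report.append((path, "added"))
        elif path not in new:
            report.append((path, "removed"))
        elif old[path] != new[path]:
            report.append((path, "changed"))
    return report
```

Store the baseline snapshot somewhere the monitored host cannot modify, otherwise whoever replaces a SUID binary can rewrite the baseline as well.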




