> Another very good supplementary tool, used in linux, is the netstat tool
> used in such a fashion:
>
> #netstat -veenp | more
>
> the reason for the pipe is that you will get tons of info on ports,
> datagrams, unix connections, you name it. You will actually see what process
> has ownership to what object or process in linux. Some builds of linux's
> netstat command do not support the "p" flag though. I suppose you can do
> this netstat during a supposed recipient of an exploit or if things seem
> weird.
>
> Now, I use a program called 'check-ps' that checks for proc's and ps's
> structure and kills unknown processes. I'll let you know now that if you
> install this program and do not daemonize it, it'll leave hard to delete
> temp folders/directories like this:
>
> . ???!??????000!! ??
>
> Is that wild or what???!! Guess I'll need to contact the creator for tips
> on these directory deletions.
Try rm ".*\?*" < removes any file beginning with a dot and containing a literal '?'.
Use rmdir or rm -r to get rid of misnamed directories...
Note: this looks like a bad bug in the program; you should not run this one
as root.
> >Date: Mon, 14 Feb 2000 15:34:03 -0500
> >From: "Baribault, Gary" <[EMAIL PROTECTED]>
> >Subject: Re: Fwd: TrinityOS SUID results for Jan 26
> >
> >Looks like I can relax and look for a modified solution for the SUID
> >comparison. I was bitten by an irregularity in the LS command. (See
> >below)
> >
> >Thank you all again for the prompt responses. I can cancel the order for
> >tranquilizers.
> >
> >Gary B
> >
> >BTW is anyone else running into this problem of doing a diff on the results
> >of a LS command?
> >
> >
> >At 01:28 PM 2/14/00 -0600, you wrote:
> >>Looks like you are getting bit by the ls(1) command. The way it behaves,
> >>is that anything older than a given time frame (typically six months) is
> >>displayed with a year, and anything younger is displayed with the time.
> >>Also Future dates are displayed with the year.
> >>
> >>If you are checking for date changes, you should probably have a perl
> >>script that can check the EPOCH date value, and also do things like
> >>MD5(1) checksums.
> >>
> >>There are a few freeware products out there that already do this type of
> >>stuff.
> >>
> >>Hope this helps.
> >>
> >>--
> >>Chris Riney E-mail: [EMAIL PROTECTED]
> >>Tandy Information Services
> >>Tandy Technology Sqr, Suite 200
> >>Fort Worth, TX 76102 Phone: 817/415-0308; 8:00am-5:00pm CST,Mo-Fr
> >>*** NOTICE: This in no way authorizes use of This E-mail address,
> >>*** or any mentioned in this message, to be included in any Mailing list!
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>
--
Juergen P. Meier email: [EMAIL PROTECTED]
Class GmbH Firmengruppe phone: +49 172 8379103
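
The approach Chris Riney suggests in the quoted message (compare the epoch date value and checksums instead of diffing ls output), as an added example that is not part of the original thread. It uses Python rather than the Perl he mentions and SHA-256 in place of MD5; the function names snapshot and compare are hypothetical.

```python
import hashlib
import os
import stat

SPECIAL = stat.S_ISUID | stat.S_ISGID  # setuid / setgid permission bits

def snapshot(root, mask=SPECIAL):
    """Map path -> attributes for regular files under root with any bit in mask set."""
    result = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
                if not stat.S_ISREG(st.st_mode) or not st.st_mode & mask:
                    continue
                with open(path, "rb") as fh:
                    digest = hashlib.sha256(fh.read()).hexdigest()
            except OSError:
                continue  # vanished or unreadable: skip rather than abort the run
            result[path] = {
                "mode": oct(stat.S_IMODE(st.st_mode)),
                "owner": (st.st_uid, st.st_gid),
                "size": st.st_size,
                "mtime": int(st.st_mtime),  # epoch seconds, never reformatted by age
                "sha256": digest,
            }
    return result

def compare(old, new):
    """Return {path: description} for every added, removed or changed file."""
    report = {}
    for path in sorted(old.keys() | new.keys()):
        if path not in old:
            report[path] = "added"
        elif path not in new:
            report[path] = "removed"
        else:
            changed = [k for k in old[path] if old[path][k] != new[path][k]]
            if changed:
                report[path] = "changed: " + ", ".join(changed)
    return report
```

Store the first snapshot somewhere the monitored host cannot rewrite it; an unchanged file yields an empty report no matter how old its timestamp has become.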