+1. Except instead of MD5 you want to use something that isn't garbage. On Tue, Dec 6, 2011 at 1:18 PM, Paul Schmehl <[email protected]> wrote: > A "poor man's" root kit detector is to take md5sums of critical system > binaries (you'd have to redo these after patching), and keep the list on an > inaccessible media (such as a thumb drive). If you think the system is > compromised, run md5sum against those files, and you will quickly know. > You could even keep statically compiled copies on the thumb drive to use in > an investigation. >
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
