The best way to monitor this kind of attack is to have an IDS (tripwire/aide) on your Linux that regularly checks your filesystem integrity.
HTH

On Thu, 2003-12-04 at 12:03, Bopolissimus Platypus wrote:
> hello all,
>
> given the recent debian, gentoo and fsf/savannah cracks, is there a
> constantly updated root kit detection kit somewhere? something
> like antivirus, intending to detect everything and doing its best to
> be continually updated. i know that something like this, in binary,
> can be dangerous in itself since generally it'll run as root so it
> can read everything on the disk... so of course i'm looking for source,
> something distributed by someone ethical, and audited by paranoid
> people who don't trust the maintainer :).
>
> if there isn't one, there should be... there's a project for all those college
> kids who hang out on cracker IRC channels and mailing lists :). monitor
> for all the new rootkits, add them to the database, help secure the
> net :).
>
> tiger

--
Jimmy B. Lim
IT Operation & Support Team Leader
Tricom

--
Philippine Linux Users' Group (PLUG) Mailing List
[EMAIL PROTECTED] (#PLUG @ irc.free.net.ph)
Official Website: http://plug.linux.org.ph
Searchable Archives: http://marc.free.net.ph
To leave, go to http://lists.q-linux.com/mailman/listinfo/plug
Are you a Linux newbie? To join the newbie list, go to http://lists.q-linux.com/mailman/listinfo/ph-linux-newbie
