http://www.chkrootkit.org/
On Tue, 22 Feb 2005 22:47:43 -0500, Brian Henning <[EMAIL PROTECTED]> wrote: > This makes me stop and think... > > Although I've noticed absolutely no strange behavior from my server, heaven > knows it's probably a wonderful candidate for being rooted.. It's running a > pretty old version of Linux, and I know that the ipchains are at least > partially broken (hopefully broken-safe rather than broken-wide-open, but > exactly---"hopefully"), and hasn't been updated in ages.. And it's directly > connected to the Internet (it IS the firewall). > > So with that in mind, what are people's favorite tools to use to detect > intrusion? I've heard of "rootkit detection tools" but know shamefully > little about them, so I'm very interested in folks' suggestions. > > As I already mentioned, I've no particular reason to believe I HAVE been > hacked.. but no particular reason to feel secure that I HAVEN'T, either... > > Cheers, > ~Brian > -- Joseph Tate Personal e-mail: jtate AT dragonstrider DOT com Web: http://www.dragonstrider.com -- TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug TriLUG Organizational FAQ : http://trilug.org/faq/ TriLUG Member Services FAQ : http://members.trilug.org/services_faq/ TriLUG PGP Keyring : http://trilug.org/~chrish/trilug.asc
