tool for checking compromised box - Debian

  1. #1

    Re: tool for checking compromised box

    On Fri, Aug 01, 2003 at 08:21:14AM +0800, Louie Miranda wrote:
    > Hello,
    >
    > Is there any Debian package that can check a compromised box?
    I imagine it depends on what kind of "compromised" you're looking for.
    chkrootkit springs to mind if you think you've been rooted.

    integrit or tripwire are pretty cool too, but they're only useful if
    installed on a "known clean" system. Since they monitor changes to the
    filesystem, they need a snapshot of the "before" picture to compare
    against.

    HTH
    --
    ,-------------------------------------------------------------------------.
    > -ScruLoose- | What makes a person so poisonous righteous <
    > Please do not | That they'd think less of anyone who just disagreed? <
    > reply off-list. | - Moxy Fruvous <
    `-------------------------------------------------------------------------'

    ScruLoose Guest

  2. #2

    Re: tool for checking compromised box

    on Fri, Aug 01, 2003 at 08:21:14AM +0800, Louie Miranda (louieaxishift.ath.cx) wrote:
    > Hello,
    >
    > Is there any Debian package that can check a compromised box?
    As previously noted, chkrootkit is one palliative.

    Note that once a box is suspect, your trust in any of its output is
    equally suspect. You must analyze it from known good media (say, a
    Knoppix boot disk).

    A mix of chkrootkit, debsums, and the new tripwire replacement (aide,
    integrit), would probably be good. Reinstall from known good sources
    would be strongly recommended.

    Peace.

    --
    Karsten M. Self <kmselfix.netcom.com> http://kmself.home.netcom.com/
    What Part of "Gestalt" don't you understand?
    Verio webhosting? Guaranteed downtime:
    http://www.wired.com/news/politics/0,1283,57011,00.html
    http://www.dowethics.com/r/environment/freedom.html

    Karsten M. Self Guest
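
The "before" snapshot from post #1 combined with the known-good-media rule from post #2, as an added shell example that is not part of either post and is not code from integrit, tripwire or aide. `snapshot` and `compare` are hypothetical helper names; it assumes GNU findutils and coreutils, a manifest taken while the system was known clean and stored off the box, and the suspect filesystem mounted read-only under a path on the rescue system.

```sh
#!/bin/sh
# Added example: baseline-and-compare integrity check. Run it from rescue
# media so the find, awk and sha256sum binaries are not the suspect box's own.

# snapshot ROOT: print "sha256  ./relative/path" for each regular file in ROOT.
snapshot() {
    ( cd "$1" && find . -xdev -type f -print0 | LC_ALL=C sort -z |
        xargs -0 -r sha256sum )
}

# compare ROOT MANIFEST: print ADDED/CHANGED/MISSING lines for every file that
# differs from the baseline. Returns 0 if nothing differs, 1 otherwise.
compare() {
    root=$1
    manifest=$2
    now=$(mktemp) || return 2
    snapshot "$root" > "$now"
    # sha256sum lines are 64 hex digits, two separator characters, then the
    # path, so the path starts at column 67 (spaces in names are preserved).
    report=$(awk '
        FILENAME == ARGV[1] { old[substr($0, 67)] = $1; next }
        {
            path = substr($0, 67)
            if (!(path in old))       print "ADDED   " path
            else if (old[path] != $1) print "CHANGED " path
            seen[path] = 1
        }
        END { for (p in old) if (!(p in seen)) print "MISSING " p }
    ' "$manifest" "$now" | LC_ALL=C sort)
    rm -f "$now"
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}
```

Typical use is `snapshot / > manifest` on the clean install, then `compare /mnt/suspect manifest` after booting the rescue disk; a manifest left on the suspect disk itself is no more trustworthy than the rest of that disk.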
