Fw: [ Announce - Chkrootkit 0.38 ]

[girardot <girardot () mac com>]

I didn't see this come across the security basics list but I think it is a
great basic tool for *nix administrators to add to their toolbox.

Used alone or coupled with file integrity verification software like osiris
(http://osiris.shmoo.com/) you can have an increased degree of confidence in
your machines.

Even if you dont use the software, the site is a

Cheers
B

----- Original Message -----
From: "Nelson Murilo" <nelson () pangeia com br>
To: <users () chkrootkit org>
Sent: Friday, December 20, 2002 7:57 PM

Subject: [crt-users] [ Announce - Chkrootkit 0.38 ]

chkrootkit is a tool to locally check for signs of a rootkit.  More
information about chkrootkit and rootkits can be found at
http://www.chkrootkit.org/.

chkrootkit 0.38 is now available!  This version includes:
  * chkdirs.c; (thanks to Hal Pomeranz)
  * chkproc.c improvements; (Thanks to Kostya Kortchinsky)
  * new worms detected
    - slapper B
  * tcpdump trojan test added;
  * new ports added in the bindshell test;
  * sebek LKM detection;
  * new rootkits detected
    - LOC rootkit (thanks to Zeno)
    - Romanian rootkit (thanks to Anton Chuvakin)
    - others
  * minor bug fixes in the chkrootkit script;

The package was successfully tested on the following systems: Linux
2.0.x, 2.2.x and 2.4.x (any distribution), FreeBSD 2.2.x, 3.x and 4.x,
OpenBSD 2.6, 2.7, 2.8, 2.9, 3.0, 3.1 and 3.2, NetBSD 1.5.2 and Solaris
2.5.1, 2.6 and 8.0.

chkrootkit's tarball and its MD5 checksum are available at:
  * ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz
  * ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.md5

or at the chkrootkit's homepage, at:
  * http://www.chkrootkit.org/

More info about rootkits can be found at:
  * http://www.chkrootkit.org/index.html#related_links