Security Basics mailing list archives
Re: tools to run on compromised linux box
From: "Nikhil Wagholikar" <visitnikhil () gmail com>
Date: Wed, 6 Aug 2008 19:46:40 +0530
Hi Lister,

Since the Linux machine is already compromised, it's recommended to boot into an alternate operating system and start investigating the compromised system. There are many bootable forensics CDs on the market; one of the popular ones is HELIX.

Besides this, NII Consulting has developed an open source tool named 'LINReS', which is used to perform live incident response on a compromised Linux machine. LINReS is basically a software/tool in which all the useful Linux commands (such as netstat, netcat, lsof, dir, ls, ps etc.) are statically compiled and packed in an archive. Hence a forensic investigator can easily rely on LINReS, since you may never know whether the commands/binaries of the compromised Linux machine have been replaced by a hacker, i.e. rootkitted.

More Information:

Helix: http://www.e-fense.com/helix/downloads.php
LINReS: http://www.niiconsulting.com/innovation/linres.html

Best of Luck !!

---
Nikhil Wagholikar
Practice Lead | Security Assessment
NII Consulting
Web: http://www.niiconsulting.com/
Security Products: http://www.niiconsulting.com/products.html

On Wed, Aug 6, 2008 at 5:20 AM, <lister () lihim org> wrote:
> Can anyone recommend some tools to run on a compromised linux box to determine if there is further infestation? (rootkits, etc).