IDS mailing list archives
RootCheck - 0.4
From: Daniel Cid <danielcid () yahoo com br>
Date: Fri, 5 Dec 2003 14:45:32 -0300 (ART)
A new version of RootCheck (0.4) is available. It now supports the report in HTML format and detects some more problems. The rootkit page was updated too, with a few more rootkits documented and more links.

Link: http://www.ossec.net/rootcheck/
Download: http://www.ossec.net/rootcheck/files/rootcheck-0.4.tar.gz

"
RootCheck is Open Source software that scans the whole system looking for possible problems. The result of the scan can be sent to an e-mail and you can choose between the HTML or text format.

In this version, RootCheck executes these "checks":

- Check the binaries for trojans
- Check for hidden/malicious open ports (used to find LKM rootkits too)
- Check the network interfaces and the "ifconfig"
- Check the passwd files
- Check the configuration files (httpd.conf, inetd.conf, xinetd.conf, sshd_config, sudoers and exports)
- Check the log files for possible problems (log file deleted, linked to /dev/null, etc)
- Check /proc and ps for hidden processes (used to discover LKM rootkits)
- Check for public rootkits
- Check the /dev directory
- Check all the system for malicious files/directories and bad permissions
"