IDS mailing list archives

Rootcheck && Rootkits


From: Daniel Cid <danielcid () yahoo com br>
Date: Mon, 20 Oct 2003 16:42:01 -0300 (ART)

Rootcheck 0.3 is available for download. This software
checks the whole system for possible problems. (The
output of rootcheck against an infected machine
(honeynet scan29) can be read here:
http://www.ossec.net/rootcheck/examples/ )

Here are the "checks" that the program executes:

1- Check the binaries
2- Check for hidden/malicious open ports
3- Check the interfaces
4- Check the passwd files
5- Check the configuration files
(httpd.conf, inetd, sshd_config, xinetd, exports)
6- Check the log files
(syslog.conf, if syslog is running, etc)
7- Check for hidden processes
8- Check for public rootkits
9- Check the /dev
10- Check the system for malicious files/directories

More info can be found here:
http://www.ossec.net/rootcheck/README.security.txt

Download here:
http://www.ossec.net/rootcheck/files/rootcheck-0.3.tar.gz
(or on sourceforge.net)

I have also documented some rootkits/problems...

More info here:
http://www.ossec.net/rootkits/

If someone wants to help with the project, or to help
with the rootkits "database", send an email :)


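Checks 2 (hidden/malicious open ports) and 7 (hidden processes) from the list above both rest on the same idea: take two independent views of the same fact and flag any disagreement. A kernel-level rootkit that filters `/proc` still has to let `kill(pid, 0)` succeed for the process it hides, and a hidden listener still makes `bind()` fail with `EADDRINUSE`. The following is an added example written for this page, not rootcheck's own code. It assumes a Linux host with the standard `/proc` layout and a little-endian CPU (the `/proc/net/tcp` address encoding depends on it); the sample `/proc/net/tcp` contents are constructed, not captured from a real machine.

```python
"""Cross-check two views of listening ports and of live PIDs (Linux).

Added illustration of the rootcheck-style checks, not the project's code.
The parse/compare functions are pure and run on constructed input; the
*_live() helpers read the running host and need root to probe ports < 1024.
"""
import errno
import os
import socket

TCP_LISTEN = "0A"   # socket state code for LISTEN in /proc/net/tcp

# Constructed sample (not from a real host): a listener on 127.0.0.1:22,
# one on 0.0.0.0:8080, and an ESTABLISHED connection that must be ignored.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12345 1 0000000000000000 100 0 0 10 0
   1: 00000000:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 12346 1 0000000000000000 100 0 0 10 0
   2: 0100007F:A3B4 0100007F:0016 01 00000000:00000000 00:00000000 00000000  1000        0 12347 1 0000000000000000 20 4 30 10 -1
"""


def parse_proc_net_tcp(text):
    """Return the set of (ip, port) LISTEN sockets from /proc/net/tcp text."""
    listeners = set()
    for line in text.splitlines()[1:]:          # first line is the header
        fields = line.split()
        if len(fields) < 4 or fields[3] != TCP_LISTEN:
            continue
        hexip, hexport = fields[1].split(":")
        if len(hexip) == 8:
            # IPv4 is stored as a 32-bit value in host byte order, so on a
            # little-endian host 0100007F means 127.0.0.1 (assumption: x86).
            octets = [int(hexip[i:i + 2], 16) for i in range(0, 8, 2)][::-1]
            ip = ".".join(str(o) for o in octets)
        else:
            ip = hexip                            # IPv6 (/proc/net/tcp6): keep raw hex
        listeners.add((ip, int(hexport, 16)))
    return listeners


def hidden_ports(in_use, listeners):
    """Ports that bind() says are taken but /proc/net/tcp does not list."""
    visible = {port for _, port in listeners}
    return sorted(p for p in in_use if p not in visible)


def hidden_pids(alive, visible_in_proc):
    """PIDs that kill(pid, 0) says exist but /proc does not list."""
    return sorted(alive - visible_in_proc)


def ports_in_use_live(ports=range(1, 65536)):
    """Probe each TCP port with bind(); EADDRINUSE means someone holds it."""
    in_use = set()
    for port in ports:
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        try:
            s.bind(("0.0.0.0", port))
        except OSError as e:
            if e.errno == errno.EADDRINUSE:
                in_use.add(port)              # EACCES (unprivileged, <1024) is skipped
        finally:
            s.close()
    return in_use


def pids_alive_live(max_pid=32768):
    """PIDs that answer kill(pid, 0); EPERM still proves the process exists."""
    alive = set()
    for pid in range(1, max_pid + 1):
        try:
            os.kill(pid, 0)
            alive.add(pid)
        except ProcessLookupError:
            pass
        except PermissionError:
            alive.add(pid)
    return alive


def pids_in_proc_live():
    return {int(d) for d in os.listdir("/proc") if d.isdigit()}


def listeners_live():
    found = set()
    for path in ("/proc/net/tcp", "/proc/net/tcp6"):
        with open(path) as f:
            found |= parse_proc_net_tcp(f.read())
    return found


if __name__ == "__main__":
    print("hidden ports:", hidden_ports(ports_in_use_live(), listeners_live()))
    print("hidden pids: ", hidden_pids(pids_alive_live(), pids_in_proc_live()))
```

Two caveats a practitioner should keep in mind when reading the output. A process that starts or exits between the `kill()` sweep and the `/proc` listing shows up as a false positive, so repeat the pair and only report PIDs that disagree both times. And a rootkit that hooks `kill()` and `bind()` as well as the `/proc` readers evades this particular cross-check, which is why a tool like rootcheck stacks several independent checks rather than trusting any one of them.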
