IDS mailing list archives
Rootcheck && Rootkits
From: Daniel Cid <danielcid () yahoo com br>
Date: Mon, 20 Oct 2003 16:42:01 -0300 (ART)
Rootcheck 0.3 is available for download. This software checks the whole system for possible problems... (the output of rootcheck against an infected machine (honeynet scan29) can be read here: http://www.ossec.net/rootcheck/examples/)

Here are the "checks" that the program executes:

1- Check the binaries
2- Check for hidden/malicious open ports
3- Check the interfaces
4- Check the passwd files
5- Check the configuration files (httpd.conf, inetd, sshd_config, xinetd, exports)
6- Check the log files (syslog.conf, if syslog is running, etc)
7- Check for hidden processes
8- Check for public rootkits
9- Check the /dev
10- Check the system for malicious files/directories

More info can be found here: http://www.ossec.net/rootcheck/README.security.txt

Download here: http://www.ossec.net/rootcheck/files/rootcheck-0.3.tar.gz (or on sourceforge.net)

And also, I have documented some rootkits/problems... More info here: http://www.ossec.net/rootkits/

*If someone wants to help in the project, or to help with the rootkits "database", send an email :)