Security Incidents mailing list archives
Ramenfind Ramen detection and removal tool, V0.3
From: William Stearns <wstearns () pobox com>
Date: Mon, 5 Feb 2001 14:24:47 -0500
Good day, all,

Attached is the latest version of the Ramenfind detection and removal tool. Unless problems show up, this should be the final release of this tool.

The goals of the tool are:
- It should be a shell script so it can be run from a single floppy linux if the user chooses.
- It should use standard utilities on a Redhat Linux system.
- It should allow for either detection or detection and removal of the worm. By default, it should only detect and perform no action.
- It should run as a non-root user, invoking sudo as necessary.
- The user should be given the chance to confirm each command before it is run.
- The script should provide an option to archive the ramen files for later analysis.
- It should check for needed support utilities.

Changes from version 0.2:
- If any utilities are missing, allow the user to abort or continue.
- Handle leftover "tail" commands.
- Remove "ftp" and "anonymous" from /etc/ftpusers.
- Use Perl if nc is not available (many thanks to Justin Mason for the perl code and technical assistance).
- Automatic RPM upgrade had a quoting case that didn't work; fixed.

This, and any future versions of this script will soon be available at the following URL's:

http://www.sans.org/y2k/ramen.htm
http://www.ists.dartmouth.edu/IRIA/knowledge_base/tools/ramenfind.html
http://www.linuxlock.org/features/ramenfix.html

Many thanks to all who have contributed to this tool. If you have problems, suggestions, or requests, please contact me at:
William Stearns <wstearns () pobox com>

MD5sums for this tool:
dc081eeb132031663e565aefb592508b  ramenfind.v0.3
6e86aeec1678f9955176db9aa9d73f7d  ramenfind.v0.3.gz

Cheers,
- Bill

---------------------------------------------------------------------------
"As a computer I find your faith in technology amusing."
(Courtesy of Gerhard Mack <gmack () imag net>)
--------------------------------------------------------------------------
William Stearns (wstearns () pobox com). Mason, Buildkernel, named2hosts, and ipfwadm2ipchains are at: http://www.pobox.com/~wstearns
LinuxMonth; articles for Linux Enthusiasts! http://www.linuxmonth.com
--------------------------------------------------------------------------
Attachment:
ramenfind.v0.3.gz
Description: ramenfind.v0.3.gz
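
The design goals listed in the message (detect-only by default, confirmation before each command, sudo only where needed, a check for support utilities) can be sketched as a small shell skeleton. This is an added example, not code from ramenfind; the function names, the MODE variable and the user/root argument are hypothetical.

```sh
#!/bin/sh
# Added illustration of the stated design goals; NOT taken from ramenfind.
# All names below (MODE, missing_utils, run_step) are hypothetical.

MODE=detect     # "detect" (default: report only) or "remove"

# Print the name of every listed utility that is not found on PATH,
# so the caller can let the user abort or continue.
missing_utils() {
    for util in "$@"; do
        command -v "$util" >/dev/null 2>&1 || printf '%s\n' "$util"
    done
}

# run_step <user|root> <command> [args...]
# Shows the command; runs it only in remove mode and only after the user
# answers "y". Returns 0 if the command ran and succeeded, 1 otherwise.
run_step() {
    priv=$1
    shift
    printf 'Proposed (%s): %s\n' "$priv" "$*"
    if [ "$MODE" != remove ]; then
        echo '  detect-only mode: not run'
        return 1
    fi
    printf '  Run this command? [y/N] '
    read -r answer || answer=n      # EOF on stdin counts as "no"
    case "$answer" in
        y|Y) ;;
        *) echo '  skipped'; return 1 ;;
    esac
    # Escalate with sudo only for steps that need root, and only when the
    # script is not already running as root.
    if [ "$priv" = root ] && [ "$(id -u)" -ne 0 ]; then
        sudo "$@"
    else
        "$@"
    fi
}
```

Because the default MODE is detect, a step can only change the system after the operator both selects removal and answers "y" to that specific command.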