Security Basics mailing list archives

Re: tools to run on compromised linux box

From: "Sukbum Hong" <sukbum.hong () cdnetworks co kr>
Date: Wed, 6 Aug 2008 22:20:29 +0900

Hello.

How about this?

These 3 programs are much widely used to check rootkit. 

chkrootkit : http://www.chkrootkit.org/
rkhunter : http://www.rootkit.nl/
rootcheck : http://www.ossec.net/en/rootcheck.html

Please check your kernel version and if your kernel is the lastest version.
Generally speaking, you would be no problem.

reference : 
Linux Kernel "vmsplice()" System Call Vulnerabilities 
http://secunia.com/advisories/28835/


Thanks.

Can anyone recommend some tools to run on a compromised linux
box to determine if there is further infestation? (rootkits, etc).

Current thread:

tools to run on compromised linux box lister (Aug 06)
- Re: tools to run on compromised linux box Sukbum Hong (Aug 06)
- Re: tools to run on compromised linux box Nikhil Wagholikar (Aug 06)
  - RE: tools to run on compromised linux box Murda Mcloud (Aug 06)
    - Re: tools to run on compromised linux box Ansgar -59cobalt- Wiechers (Aug 07)
    - RE: tools to run on compromised linux box Murda Mcloud (Aug 07)
- Re: tools to run on compromised linux box Adriel Desautels (Aug 06)
  - Re: tools to run on compromised linux box Erin Carroll (Aug 06)
- Re: tools to run on compromised linux box linux.gheek (Aug 06)
- <Possible follow-ups>
- Re: tools to run on compromised linux box jason . gerfen (Aug 06)