Security Basics mailing list archives
Re: Linux rootkit question
From: Pierre Jaury <pierre () jaury eu>
Date: Tue, 02 Mar 2010 01:25:42 +0100
Hello,

You may rootkit your system inside a VM if you really are curious. Using recent code, results are surprising and checkers quite inefficient.

Chkroot doesn't actually detect the rootkit itself but its fingerprint on your system (pid, files in /proc for simplest rootkits). It also detects inconsistencies in your system stats that may disclose some hidden process/sockets.

Looots of details on http://www.rootkitanalytics.com/

Pierre.

On Sunday 28 February 2010 at 16:28 +0530, J. Bakshi wrote:
Hello, During the test with chkrootkit and rkhunter I can see those tools check the system against a number of rootkits. How does a system practically behave when infected by a rootkit? Is it possible to infect my Linux OS running inside vmware with rootkits and observe its behavior?
Thanks
--
Pierre Jaury <pierre () jaury eu>
-----BEGIN GEEK CODE BLOCK-----
Version: 3.12
GCS d- s+:- a-- C++ UL+++ P++ L+++ E W+++ N++ o-- K w-- O- M- V- PS+ PE Y PGP+++ t++ 5 X R tv b++ DI+ D G+ e++ h- r++ y+
------END GEEK CODE BLOCK------
Attachment:
signature.asc
Description: This is a digitally signed message part
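
The /proc inconsistency check described in the reply above, sketched as an added example (not part of the original message and not chkrootkit's own code): a PID that answers a direct `/proc/<pid>` lookup but is absent from the directory listing is a suspect. All function names are hypothetical; the check assumes Linux procfs and skips thread IDs, which are reachable but never listed.

```python
import os

def listed_pids(proc="/proc"):
    """PIDs visible when /proc is listed (the view ps and top rely on)."""
    return {int(name) for name in os.listdir(proc) if name.isdigit()}

def read_tgid(pid, proc="/proc"):
    """Thread-group id from /proc/<pid>/status, or None if nothing is there."""
    try:
        with open(os.path.join(proc, str(pid), "status")) as fh:
            for line in fh:
                if line.startswith("Tgid:"):
                    return int(line.split()[1])
    except (OSError, ValueError):
        pass
    return None

def hidden_pids(listed, max_pid, tgid_of, relist):
    """Return PIDs that answer a direct lookup but are missing from the listing.

    listed  -- set of PIDs from the directory listing (first view)
    tgid_of -- callable pid -> Tgid or None (direct lookup, second view)
    relist  -- callable returning a fresh listing, used to discard processes
               that merely started between the two snapshots
    """
    suspects = []
    for pid in range(1, max_pid + 1):
        if pid in listed:
            continue
        tgid = tgid_of(pid)
        if tgid is None:   # nothing lives at this PID
            continue
        if tgid != pid:    # a thread ID: reachable but never listed, benign
            continue
        suspects.append(pid)
    if suspects:
        fresh = relist()
        suspects = [p for p in suspects if p not in fresh]
    return suspects

def scan(proc="/proc"):
    """Run the cross-view check against the live system."""
    with open(os.path.join(proc, "sys/kernel/pid_max")) as fh:
        max_pid = int(fh.read())
    return hidden_pids(listed_pids(proc), max_pid,
                       lambda p: read_tgid(p, proc), lambda: listed_pids(proc))

if __name__ == "__main__":
    print("unlisted but reachable PIDs:", scan() or "none")
```

A rootkit that also filters direct lookups leaves both views consistent and passes this check, so an empty result is not proof of a clean system.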