Rootkits was [Re: [ILUG] pam problem]
rick at linuxmafia.com
Tue Aug 21 12:07:25 IST 2001
begin JustinMacCarthy quotation:
> As no-one mentioned this, it would be an idea to run rpm to verify your
> installed packages, should pick up some Trojans , you should check rpm
> itself too :-)
Using the handy copy of /var/lib/rpm/* that you've providentially kept
off-system on read-only media, of course. Otherwise, we're talking
about a joke-shop notion of "verification".
A non-joke-shop notion of a host-based IDS might be constructed using
something as simple as md5sums, or you could use AIDE or Tripwire.
Cheers, "Not only does the English language borrow from other languages,
Rick Moen it sometimes chases them through dark alleys, hits them over the
rick at linuxmafia.com head, and goes through their pockets." -- Eddy Peter
More information about the ILUG