Re: Rootkit

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: "For users of Fedora" <fedora-list@xxxxxxxxxx>
Subject: Re: Rootkit
From: "Dave Burns" <tburns@xxxxxxxxxx>
Date: Mon, 22 Oct 2007 21:33:16 -1000
In-reply-to: <200710230917.58352.manuel@xxxxxxxxxxxxxx>
References: <2941460.47791193120370689.JavaMail.bob.smith@xxxxxxxxxxx> <200710230917.58352.manuel@xxxxxxxxxxxxxx>
Reply-to: For users of Fedora <fedora-list@xxxxxxxxxx>

> getting the filehash of all the binaries
> installed from the beggining storing all the values in a database (outside
> from that box) and then if you think you could be hacked, just run again the
> filehash and compare it with the original one you got...

This is what tripwire and aide do. Not to mention rpm -v or even
md5sum. The hard part is to make sure that your hash tool and its
database have not also been tampered with.

Dave

References:
- Re: Rootkit
  - From: bob . smith
- Re: Rootkit
  - From: Manuel Arostegui Ramirez

Prev by Date: Re: Rootkit
Next by Date: Re: Rootkit
Previous by thread: Re: Rootkit
Next by thread: Re: Rootkit
Index(es):
- Date
- Thread

[Index of Archives] [Current Fedora Users] [Fedora Desktop] [Fedora SELinux] [Yosemite News] [Yosemite Photos] [KDE Users] [Fedora Tools] [Fedora Docs]