Re: Rootkit

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, 2007-10-23 at 23:16 +0200, Jordi Prats wrote:
> But it does check for some listening ports. There is not a better tool 
> for that?

The best tool for that is nmap (or for the GUI users, nmap-fe).

> 
> Maybe a combination of chkrootkit -d with some AV? Any recomendation?
> 
> Thanks,
> Jordi
> 
> Dave Burns wrote:
> > On 10/22/07, Jordi Prats <jprats@xxxxxxxx> wrote:
> >> About this discussion, chkrootkit are for live systems, isn't it?
> >> There's any tool to do rootkit analysis on a "dead" system?
> >>
> >> I'm thinking of check for rootkits on snapshots of the file system of a
> >> virtual machine to determine if the running virtual machine is compromised.
> >>
> > 
> > Use -r switch? As long as you can mount the dead system as a (possbily
> > ro) filesystem, I don't see why not.
> > 
> > Dave
> > 
> >  chkrootkit --help
> > Usage: /usr/lib/chkrootkit-0.47/chkrootkit [options] [test ...]
> > Options:
> >         -h                show this help and exit
> >         -V                show version information and exit
> >         -l                show available tests and exit
> >         -d                debug
> >         -q                quiet mode
> >         -x                expert mode
> >         -r dir            use dir as the root directory
> >         -p dir1:dir2:dirN path for the external commands used by chkrootkit
> >         -n                skip NFS mounted dirs
> > 
> 
----------------------------------------------------------------------
- Rick Stevens, Principal Engineer             rstevens@xxxxxxxxxxxx -
- CDN Systems, Internap, Inc.                http://www.internap.com -
-                                                                    -
-                       When in doubt, mumble.                       -
----------------------------------------------------------------------


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux