On Tue, 2002-04-23 at 22:31, Rory Campbell-Lange wrote: > There is a very small possibility that someone has intruded into our > network. I would like to test my 3 woody machines for possible root > kits. What is the best way of doing this? Should I check the md5sum of > programs such as find, ps and ifconfig against the packaged versions?
Thats always a good idea. Make sure your md5sum is not a trojan. Put a trusted md5sum onto a floppy, write protect it and use that. > Also, is there any way of checking for a kernel module type root kit? Theres a number of programmes that do this. Eg. http://sourceforge.net/projects/checkps/ Theres one called chrootkit, or something similar that checks for kernel modules. I forget where it is though. Kind Regards Crispin Wellington -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
