on Fri, Aug 01, 2003 at 08:21:14AM +0800, Louie Miranda ([EMAIL PROTECTED]) wrote: > Hello, > > Is there any Debian package that can check a compromised box?
As previously noted, chkrootkit is one pallative. Note that once a box is suspect, your trust in any of its output is equally suspect. You must analyze it from known good media (say, a Knoppix boot disk). A mix of chkrootkit, debsums, and the new tripwire replacement (aide, integrit), would probably be good. Reinstall from known good sources would be strongly recommended. Peace. -- Karsten M. Self <[EMAIL PROTECTED]> http://kmself.home.netcom.com/ What Part of "Gestalt" don't you understand? Verio webhosting? Guaranteed downtime: http://www.wired.com/news/politics/0,1283,57011,00.html http://www.dowethics.com/r/environment/freedom.html
pgp00000.pgp
Description: PGP signature
