[1767] in linux-security and linux-alert archive
[linux-security] Re: Re: Re: Bind Overrun Bug and Linux
daemon@ATHENA.MIT.EDU (Leigh Porter)
Fri May 22 09:37:58 1998
Date: Fri, 22 May 1998 13:05:35 +0000
From: Leigh Porter <leigh@wisper.net>
To: linux-security@redhat.com
Resent-From: linux-security@redhat.com
Reply-To: linux-security@redhat.com
Duncan Simpson wrote:
> A recent CERT advisory said the sort of things we expect
>
> ps, pstree, netstat, ls, etc omit interesting information that you might not
> want to reveal.
> bind xterm backdoor.
>
> It has not happened to me so I do not know myself. Last time I recompiled
> everything from known clean source and it was *not fun*. I checked for hidden
> processes and stuff like that using echo * instead of ls (which is one of the
> most likely things to be trojanised).
I keep a secret store of such handy things as ls, ps etc on all my systems and
every night I have a process check the md5sum of every config/binary/lib on the
box and report any problems to me.
No it's not fun :)
--
Leigh Porter
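
The nightly check described in the reply above, sketched as an added example that is not part of the original message. The function names make_baseline and verify_baseline are hypothetical, sha256sum is swapped in for md5sum (set HASH=md5sum to match the post), and the manifest and hashing tool are assumed to live on trusted, read-only media, like the "secret store" of ls and ps.

```shell
#!/bin/sh
# Added example: baseline-and-verify integrity check for a directory tree.
# Assumption: $HASH and the manifest come from trusted media, not from the
# box being checked, since on-box tools may themselves be trojaned.
HASH="${HASH:-sha256sum}"   # the post used md5sum; sha256sum swapped in here

# make_baseline DIR MANIFEST: hash every regular file under DIR (dotfiles
# included) and write "hash  ./path" lines, sorted by path, to MANIFEST.
make_baseline() {
    ( cd "$1" && find . -type f -exec "$HASH" {} + | LC_ALL=C sort -k 2 ) > "$2"
}

# verify_baseline DIR MANIFEST: re-hash DIR and compare with MANIFEST.
# Prints CHANGED / NEW / MISSING lines; returns 0 only if nothing differs.
verify_baseline() {
    cur=$(mktemp) || return 2
    rc=0
    make_baseline "$1" "$cur"
    awk '
        # Split each line into the hash and the path after the two spaces.
        { h = $1; path = substr($0, index($0, "  ") + 2) }
        FILENAME == ARGV[1] { base[path] = h; next }      # baseline manifest
        !(path in base)     { print "NEW     " path; bad = 1; next }
        base[path] != h     { print "CHANGED " path; bad = 1 }
                            { seen[path] = 1 }
        END {
            for (p in base)
                if (!(p in seen)) { print "MISSING " p; bad = 1 }
            exit (bad + 0)
        }' "$2" "$cur" || rc=$?
    rm -f "$cur"
    return "$rc"
}

# Example nightly use (paths are placeholders):
#   make_baseline /usr/bin /mnt/readonly/usr-bin.manifest     # once, known clean
#   verify_baseline /usr/bin /mnt/readonly/usr-bin.manifest || mail -s alert root
```

A NEW line for a dotfile is reported even though a shell glob such as `echo *` would skip it, because find walks every regular file.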