[1775] in linux-security and linux-alert archive


[linux-security] Re: Re: Re: Re: Bind Overrun Bug and Linux

daemon@ATHENA.MIT.EDU (Nelson Murilo)
Mon May 25 02:51:05 1998

Date: Sun, 24 May 1998 18:35:37 -0300 (EST)
From: Nelson Murilo <nelson@pangeia.com.br>
To: linux-security@redhat.com
In-Reply-To: <Pine.LNX.3.96.980523192953.11903I-100000@spliff.pangeia.com.br>
Resent-From: linux-security@redhat.com
Reply-To: linux-security@redhat.com


True, many 'script kids' use rootkits' default configurations.
Usually admins don't have time to examine the many types of rootkits
and their variations; for this case, one year ago I wrote a script
to detect rootkits in Linux and FreeBSD.
Actually this tool detects 4 types of rootkits in Linux and 2
in FreeBSD, and is updated quickly.

The official url is:
ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz
One variation for Demonkit (by daemon9|route):
ftp://ftp.pangeia.com.br/pub/seg/pac/chkdemonkit.tar.gz


Regards,

-- 
N e l s o n  M u r i l o
Pangeia Informatica - Provedor de solucoes Internet.
http://www.pangeia.com.br

}On Sat, 23 May 1998, Shaun wrote:
}}This is all LRK actually contains, from its readme:
}}chfn: local backdoor
}}chsh: local backdoor
}}inetd: remote backdoor
}}login: remote backdoor
}}ls/du: hide files
}}ifconfig: hide sniffing
}}netstat: hide connections
}}ps/top: hide processes
}}passwd: localhost backdoor
}}rshd: remote backdoor
}}syslogd: hide log strings
}}tcpd: avoid denials
}}It also includes linsniff, and a few other log cleaner programs.
}[...]
}}Don't be scared of 'configure rootkit ; make install'  kiddies, these are
}}the people like 'The Analyzer' that get caught up on becoming well known
}}in the hacker community, but have no real skills.
}}
}}Be scared of the people that you do not see on your system, or find
}}evidence of them being there, but you just know they are.
}

-- 
----------------------------------------------------------------------
Please refer to the information about this list as well as general
information about Linux security at http://www.aoy.com/Linux/Security.
----------------------------------------------------------------------

To unsubscribe:
  mail -s unsubscribe linux-security-request@redhat.com < /dev/null
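
A baseline comparison over the programs named in the quoted LRK list, as an added example that is not part of the original message and does not show how chkrootkit itself works. The function names and the temp-directory sample files are assumptions made for illustration.

```python
import hashlib
import os
import tempfile

# Program names from the LRK readme list quoted in the message.
LRK_TARGETS = ("chfn chsh inetd login ls du ifconfig netstat ps top "
               "passwd rshd syslogd tcpd").split()

def sha256_file(path):
    """Hash a file in chunks so large binaries need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def snapshot(dirs, names=LRK_TARGETS):
    """Map path -> digest for every listed program found in dirs."""
    found = {}
    for d in dirs:
        for name in names:
            path = os.path.join(d, name)
            if os.path.isfile(path):
                found[path] = sha256_file(path)
    return found

def compare(baseline, current):
    """Return sorted (path, status) pairs for anything that differs."""
    findings = []
    for path in sorted(set(baseline) | set(current)):
        if path not in current:
            findings.append((path, "missing"))
        elif path not in baseline:
            findings.append((path, "not in baseline"))
        elif baseline[path] != current[path]:
            findings.append((path, "modified"))
    return findings

def demo():
    """Constructed sample: stand-in files in a temp dir, not real binaries."""
    with tempfile.TemporaryDirectory() as d:
        for name in ("ls", "ps", "login"):
            with open(os.path.join(d, name), "wb") as f:
                f.write(b"original " + name.encode())
        baseline = snapshot([d])          # taken while the host is trusted
        with open(os.path.join(d, "ls"), "wb") as f:
            f.write(b"replaced")          # simulates a swapped binary
        os.remove(os.path.join(d, "login"))
        findings = compare(baseline, snapshot([d]))
        return [(os.path.basename(p), s) for p, s in findings]
```

Because the list above includes `ls`, `ps` and `netstat`, the baseline and the interpreter used for the comparison should be kept on read-only media off the host rather than trusted from the system being checked.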

