[728] in Intrusion Detection Systems
Rootkit Detection Program [info]
daemon@ATHENA.MIT.EDU (Christopher Klaus)
Sun Aug 18 16:59:31 1996
From: Christopher Klaus <cklaus@iss.net>
To: ids@uow.edu.au
Date: Fri, 16 Aug 1996 14:39:10 -0400 (EDT)
Reply-To: ids@uow.edu.au
We are building a System Security Scanner (S3) that audits machines.
It looks for vulnerabilities in Unix. We have added MD5 checksum
tests for looking for unpatched binaries as well as rootkit programs.
We currently have tested for Linux rootkit and SunOs rootkit. There is
tests looking for other hacking signatures and intrusions. Like testing
for sniffers and hidden files.
We are looking for people to test this software and give us feedback.
You can download the software on ftp.iss.net/sss
This software currently works under Sun, Solaris, Linux. We have working
on an AIX and HP version as well.
I would also like to see if other people on this list think these tests
are valuable to audit for.
thanks,
chris
--
Christopher William Klaus Voice: (404)252-7270. Fax: (404)252-2427
Internet Security Systems, Inc. "Internet Scanner finds
Ste. 115, 5871 Glenridge Dr, Atlanta, GA 30328 your network security holes
Web: http://iss.net/ Email: cklaus@iss.net before the hackers do."
