From: Jake F Harwood (jakef@socrates.berkeley.edu)
Date: Wed Oct 24 2001 - 12:41:07 PDT
A tool that might help is chkrootkit
chkrootkit has been tested on: Linux 2.0.x, 2.2.x, FreeBSD 2.2.x, 3.x and
4.x, OpenBSD 2.6, 2.7, 2.8 and 2.9, Solaris 2.5.1, 2.6 and 8.0.
it can be picked up here http://www.chkrootkit.com/
I have always found this to be a must-have in the security-took box. (but
just my .02)
-F
At 11:06 AM 10/24/2001 -0700, Rusty Wright wrote:
>So are there any procedures we can go through to see if any of our
>systems running ssh1 were compromised?
>-------------------------------------
>Sent via the ucb-security mailing list.
-------------------------------------------------------------------------
Jake F Harwood University of California, Berkeley
System & Network Security phone (510)643-8241
"Who is this General Failure and why is he reading my hard drive?" -F
-------------------------------------------------------------------------
------------------------------------------------------------------------
The following was automatically added to this message by the list server:
For information about Micronet, its meetings and events, and its
mailing list, including information on subscribing and unsubscribing,
see the Micronet Web site at <http://wss.berkeley.edu/micronet/>.
This archive was generated by hypermail 2b29 : Wed Oct 24 2001 - 12:42:43 PDT