[Gllug] rooting?
Kim Hawtin
kim at aldigital.co.uk
Thu Feb 14 11:56:43 UTC 2002
On Thu, Feb 14, 2002 at 11:43:20AM +0000, Richard Cohen wrote:
> On Thu, 14 Feb 2002, Allen Wayne wrote:
> > can anyone point me in the best direction to check if a machine has been
> > rooted ... possibly by the tuxkit? I have been asked to look at a PC running
> > RH6.???? with quite a few holes over (open ports etc etc...) root recently
> > received a message about undeliverable mail referring to the tuxkit
> > install... and a couple of logs appear to be either missing or unusual
> > ....very long ftp logins missing ftp transfers
> >
> >
> > any pointers please????
>
> http://www.chkrootkit.org/ might be worth looking at...
one quick test for inconsistencies is to "netstat -an" or "sockstat"
then nmap from the outside ...
see if the open listening sockets match.
it's by no means a fail proof check, but if there is weirdness, a
reinstall might be in order, because you never know what is really
amiss.
also you can compare the state of the installed system files to that
of the rpm installed file database...(IIRC, i don't know how tho)
yours,
kim
--
:Kim_Hawtin:--------------------------------------:-----------------:
| A.L. Digital Ltd. Tel: +44 (20) 8742 0755 | .^. Don't fear|
| The Stores Fax: +44 (20) 8742 5995 | /V\ the |
| 2 Bath Road http://www.thebunker.net | // \\ penguins!|
| London W4 1LT http://www.aldigital.co.uk | /( )\ |
| UNITED KINGDOM mailto:kim at aldigital.co.uk | ^^ ^^ |
--
Gllug mailing list - Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug
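
Added example, not part of the original message: one way to automate the netstat-versus-nmap comparison suggested in the reply above. It assumes Linux net-tools style `netstat -an` output and nmap's grepable output (`-oG`); the function names, addresses and sample data are constructed for illustration.

```python
# Constructed sample: `netstat -an` output captured on the suspect host.
NETSTAT_SAMPLE = """\
Proto Recv-Q Send-Q Local Address      Foreign Address     State
tcp        0      0 0.0.0.0:21         0.0.0.0:*           LISTEN
tcp        0      0 0.0.0.0:22         0.0.0.0:*           LISTEN
tcp        0      0 127.0.0.1:25       0.0.0.0:*           LISTEN
tcp        0      0 192.0.2.10:22      198.51.100.7:40112  ESTABLISHED
udp        0      0 0.0.0.0:111        0.0.0.0:*
"""
# Constructed sample: `nmap -oG -` output from a scan run on another machine.
NMAP_SAMPLE = (
    "Host: 192.0.2.10 ()\tStatus: Up\n"
    "Host: 192.0.2.10 ()\tPorts: 21/open/tcp//ftp///, 22/open/tcp//ssh///, "
    "25/closed/tcp//smtp///, 47017/open/tcp/////\n"
)
LOOPBACK = {"127.0.0.1", "::1"}

def local_listeners(netstat_text):
    """Map each TCP port in LISTEN state to the set of addresses it is bound to."""
    ports = {}
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) >= 6 and f[0].startswith("tcp") and f[5] == "LISTEN":
            addr, _, port = f[3].rpartition(":")  # also splits ":::22" correctly
            ports.setdefault(int(port), set()).add(addr)
    return ports

def external_open(nmap_text):
    """Return the set of TCP ports the outside scan reported as open."""
    ports = set()
    for line in nmap_text.splitlines():
        if "Ports:" in line:
            entries = line.split("Ports:", 1)[1].split("\t")[0]
            for entry in entries.split(","):
                p = entry.strip().split("/")  # port/state/proto/owner/service/...
                if len(p) >= 3 and p[1] == "open" and p[2] == "tcp":
                    ports.add(int(p[0]))
    return ports

def compare(netstat_text, nmap_text):
    """Report mismatches between the host's own view and the outside view."""
    local, remote = local_listeners(netstat_text), external_open(nmap_text)
    # Open from outside but missing from the host's report: local tools may be lying.
    hidden = sorted(remote - set(local))
    # Listening on a routable address but not seen outside: filtered or not scanned.
    unreachable = sorted(p for p, a in local.items()
                         if p not in remote and not a <= LOOPBACK)
    return {"hidden": hidden, "unreachable": unreachable}

if __name__ == "__main__":
    print(compare(NETSTAT_SAMPLE, NMAP_SAMPLE))
```

A non-empty `hidden` list is the inconsistency the reply describes: a port answers from the network while the host's own netstat does not list it, so the local binaries should not be trusted.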