Security Basics: Re: tools to run on compromised linux box

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Security Basics mailing list archives

Re: tools to run on compromised linux box

From: "Sukbum Hong" <sukbum.hong () cdnetworks co kr>
Date: Wed, 6 Aug 2008 22:20:29 +0900

Hello.

How about this?

These 3 programs are much widely used to check rootkit. 

chkrootkit : http://www.chkrootkit.org/
rkhunter : http://www.rootkit.nl/
rootcheck : http://www.ossec.net/en/rootcheck.html

Please check your kernel version and if your kernel is the lastest version.
Generally speaking, you would be no problem.

reference : 
Linux Kernel "vmsplice()" System Call Vulnerabilities 
http://secunia.com/advisories/28835/


Thanks.

Can anyone recommend some tools to run on a compromised linux
box to determine if there is further infestation? (rootkits, etc).

By Date By Thread

Current thread:

tools to run on compromised linux box lister (Aug 06)
- Re: tools to run on compromised linux box Sukbum Hong (Aug 06)
- Re: tools to run on compromised linux box Nikhil Wagholikar (Aug 06)
  - RE: tools to run on compromised linux box Murda Mcloud (Aug 06)
    - Re: tools to run on compromised linux box Ansgar -59cobalt- Wiechers (Aug 07)
    - RE: tools to run on compromised linux box Murda Mcloud (Aug 07)
- Re: tools to run on compromised linux box Adriel Desautels (Aug 06)