IDS mailing list archives
RootCheck - 0.4
From: Daniel Cid <danielcid () yahoo com br>
Date: Fri, 5 Dec 2003 14:45:32 -0300 (ART)
A new version of RootCheck (0.4) is available.
It now supports reports in HTML format and detects some more problems.
The rootkit page was updated too, with a few more rootkits documented and more links.

Link: http://www.ossec.net/rootcheck/
Download: http://www.ossec.net/rootcheck/files/rootcheck-0.4.tar.gz

"
RootCheck is open source software that scans the whole system looking for possible problems. The result of the scan can be sent to an e-mail address and you can choose between HTML or text format.

In this version, RootCheck executes these "checks":

Check the binaries for trojans
Check for hidden/malicious open ports (used to find LKM rootkits too)
Check the network interfaces and the "ifconfig"
Check the passwd files
Check the configuration files (httpd.conf, inetd.conf, xinetd.conf, sshd_config, sudoers and exports)
Check the log files for possible problems (log file deleted, linked to /dev/null, etc)
Check /proc and ps for hidden processes (used to discover LKM rootkits)
Check for public rootkits
Check the /dev directory
Check all the system for malicious files/directories and bad permissions
"
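
An added example, not part of the original post and not RootCheck's own code: a Python sketch of the log-file check the announcement lists (log file deleted, linked to /dev/null). The function names, status labels and the log names in the constructed test directory are assumptions made for illustration.

```python
import os
import stat
import tempfile

def check_log(path):
    """Classify one expected log file; the status labels are illustrative."""
    try:
        st = os.lstat(path)  # lstat inspects the link itself, not its target
    except FileNotFoundError:
        return "missing"     # the log was deleted or never created
    if stat.S_ISLNK(st.st_mode):
        # Resolve the whole chain so a link-to-a-link to /dev/null is caught too.
        if os.path.realpath(path) == os.path.realpath(os.devnull):
            return "linked-to-devnull"
        return "symlink"
    if not stat.S_ISREG(st.st_mode):
        return "not-regular-file"  # e.g. replaced by a device node or directory
    return "ok"

def audit_logs(paths):
    """Return {path: status} for every log that is not a plain regular file."""
    findings = {}
    for p in paths:
        status = check_log(p)
        if status != "ok":
            findings[p] = status
    return findings

def demo():
    """Audit a constructed log directory (all names and contents are made up)."""
    with tempfile.TemporaryDirectory() as d:
        names = ["messages", "secure", "wtmp", "lastlog"]
        paths = {n: os.path.join(d, n) for n in names}
        with open(paths["messages"], "w") as fh:
            fh.write("Dec  5 14:45:32 host sshd[101]: constructed sample line\n")
        os.symlink(os.devnull, paths["secure"])  # log redirected to /dev/null
        os.mkdir(paths["lastlog"])               # log replaced by a non-file
        # "wtmp" is never created, standing in for a deleted log
        found = audit_logs(paths.values())
        return {os.path.basename(p): s for p, s in found.items()}

if __name__ == "__main__":
    for name, status in sorted(demo().items()):
        print(f"{name}: {status}")
```

On a real host the list of expected log paths would come from the syslog configuration rather than a fixed list.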