|
Full Disclosure
mailing list archives
Re: one of my servers has been compromized
From: Charles Morris <cmorris () cs odu edu>
Date: Tue, 6 Dec 2011 14:09:48 -0500
+1. Except instead of MD5 you want to use something that isn't garbage.
On Tue, Dec 6, 2011 at 1:18 PM, Paul Schmehl <pschmehl_lists () tx rr com> wrote:
A "poor man's" root kit detector is to take md5sums of critical system
binaries (you'd have to redo these after patching), and keep the list on an
inaccessible media (such as a thumb drive). If you think the system is
compromised, run md5sum against those files, and you will quickly know.
You could even keep statically compiled copies on the thumb drive to use in
an investigation.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
 By Date 
By Thread
Current thread:
Re: one of my servers has been compromized Ferenc Kovacs (Dec 05)
Re: one of my servers has been compromized mitchell (Dec 05)
Re: one of my servers has been compromized Tim (Dec 05)
(Thread continues...)
| 
