Rootcheck 0.3 is available for download. This software
checks the whole system for possible problems... (the
output of rootcheck against an infected machine
(honeynet scan29) can be read here:
http://www.ossec.net/rootcheck/examples/ )
Here are the "checks" that the program executes:
1- Check the binaries
2- Check for hidden/malicious open ports
3- Check the interfaces
4- Check the passwd files
5- Check the configuration files
(httpd.conf, inetd, sshd_config, xinetd, exports)
6- Check the log files
(syslog.conf, if syslog is running, etc)
7- Check for hidden processes
8- Check for public rootkits
9- Check the /dev
10- Check the system for malicious files/directories
More info can be found here:
http://www.ossec.net/rootcheck/README.security.txt
Download here:
http://www.ossec.net/rootcheck/files/rootcheck-0.3.tar.gz
(or on sourceforge.net)
Also, I have documented some rootkits/problems...
More info here:
http://www.ossec.net/rootkits/
*If someone wants to help with the project, or to help
with the rootkits "database", send an email :)
Received on Oct 20 2003