Security Basics mailing list archives

Re: tools to run on compromised linux box


From: "linux.gheek" <linux.gheek () gmail com>
Date: Wed, 06 Aug 2008 23:28:31 +0530

Hello,
First let us know whether the said system is still up and running or not.

If it is up, it's good for live analysis. You may come to know what exactly is happening on the system. You may use any live CD and boot in parallel and try to find out what ports are listening, run nessus or other vulnerability scanners, check what files are open for what ports, etc.

If you have earlier installed any integrity checker on the said system you may check it also.

If the system is down, you have to use dead analysis tools like sleuthkit and autopsy, etc.

Thanks,
Mukesh




lister () lihim org wrote:
Can anyone recommend some tools to run on a compromised linux
box to determine if there is further infestation? (rootkits, etc).
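
Added example (not part of the original thread): one way to do the "what ports are listening, what files are open for what ports" check from the reply above by reading the kernel's socket table and matching socket inodes to process file descriptors. The sample table, the fd map, the baseline port set and all function names are constructed for illustration; the IPv4 decoding assumes a little-endian host.

```python
import socket
LISTEN = "0A"  # state code for LISTEN in /proc/net/tcp
# Constructed sample in /proc/net/tcp layout (not captured from a real host).
SAMPLE_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 5120 1 0000000000000000 100 0 0 10 0
   1: 0100007F:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 5233 1 0000000000000000 100 0 0 10 0
   2: 00000000:7A69 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 9001 1 0000000000000000 100 0 0 10 0
   3: 0A00000A:0016 0500000A:C1F2 01 00000000:00000000 02:000A1B2C 00000000     0        0 5388 2 0000000000000000 20 4 1 10 -1
"""
# Constructed stand-in for readlink on /proc/<pid>/fd/*: pid -> (name, link targets).
SAMPLE_FDS = {412: ("sshd", ["/dev/null", "socket:[5120]"]), 630: ("master", ["socket:[5233]"])}

def parse_listeners(text):
    """Return [(ip, port, inode)] for every socket in LISTEN state."""
    out = []
    for line in text.splitlines()[1:]:
        f = line.split()
        if len(f) < 10 or f[3] != LISTEN:
            continue
        hex_ip, hex_port = f[1].split(":")
        # Assumption: little-endian host, so the IPv4 bytes are reversed.
        ip = socket.inet_ntoa(bytes.fromhex(hex_ip)[::-1])
        out.append((ip, int(hex_port, 16), int(f[9])))
    return out

def owners_by_inode(fd_table):
    """Map socket inode -> [(pid, name)] from 'socket:[inode]' fd links."""
    owners = {}
    for pid, (name, links) in fd_table.items():
        for link in links:
            if link.startswith("socket:[") and link.endswith("]"):
                owners.setdefault(int(link[8:-1]), []).append((pid, name))
    return owners

def review(text, fd_table, expected_ports):
    """Return [(ip, port, reasons)] for listeners that need a closer look."""
    owners = owners_by_inode(fd_table)
    findings = []
    for ip, port, inode in parse_listeners(text):
        reasons = [why for bad, why in (
            (port not in expected_ports, "port not in baseline"),
            (inode not in owners, "no visible owning process")) if bad]
        if reasons:
            findings.append((ip, port, reasons))
    return findings

if __name__ == "__main__":
    print(review(SAMPLE_TCP, SAMPLE_FDS, {22, 25}))
```

On a live host the two inputs would come from /proc/net/tcp and from readlink on each /proc/<pid>/fd entry; a listener with no visible owner can also be a kernel-owned socket, so it is a lead to follow up rather than a verdict.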


