[linux-security] Re: Different Forms of attack...
- From: Annex <annex thing annexgrp org>
- To: Urmane Hendrake <urmane urmane org>
- Cc: linux-security redhat com
- Subject: [linux-security] Re: Different Forms of attack...
- Date: Sat, 18 Jul 1998 18:01:55 +0600 (BGT)
On Tue, 14 Jul 1998, Urmane Hendrake wrote:
| >is there anywhere.... a description on what to expect or what happens
| >during any one of these or other attacks listed somewhere? If so, could
check your logs closely.. all the time... but don't trust it all the
time:)
| go to rootshell.com, download the RootKit, and look through the source
| code - it's extremely educational. Nutshell version: with a simple "make
| install", an attacker with root privs can replace a whole slew of binaries
does 'make install' take care of the file date/size? if not.. a command
like this would be good enough to find out:
find / -cmin -1440
which will print out the names of all files whose status was changed within
the last 1440 minutes..
| you'll never know they're there. (I happened to notice because my login
| prompt changed from hostname to FQDN - but almost shrugged it off).
remember... if you notice something... no matter how insignificant it
seems... dig it!
---
Shuman <annex thing annexgrp org>
Annex Group, Bangladesh http://www.annexgrp.org/hr
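
An added example, not part of the original message, extending the find check above: it keeps only files whose status change time (ctime) falls inside the window while their modification time (mtime) is older, which is how a replaced file looks after its date has been set back, because setting the mtime itself updates the ctime. The function names and the temporary demo files are constructed for illustration; chmod, chown and renames match too, so a hit is a lead to verify, not proof.

```shell
#!/bin/sh
# Added example, not from the original post.

# Print regular files under DIR... whose ctime is newer than MINUTES ago
# but whose mtime is older than MINUTES ago.
# Usage: ctime_mtime_mismatch MINUTES DIR...
ctime_mtime_mismatch() {
    mins=$1
    shift
    # -cmin -N : inode status changed less than N minutes ago
    # -mmin +N : contents last modified more than N minutes ago
    find "$@" -type f -cmin "-$mins" -mmin "+$mins" -print 2>/dev/null
}

# Constructed demo: two files in a temporary directory, one of which
# gets its modification date set back to 1998.
demo_mismatch() {
    dir=$(mktemp -d) || return 1
    echo original > "$dir/backdated"
    echo original > "$dir/untouched"
    # Backdating mtime is itself a status change, so ctime becomes "now".
    touch -t 199807140000 "$dir/backdated"
    # Strip the temporary prefix so the output is stable.
    ctime_mtime_mismatch 1440 "$dir" | sed "s|^$dir/||"
    rm -rf "$dir"
}

demo_mismatch
```

On a real system, pass the binary directories instead, for example `ctime_mtime_mismatch 1440 /bin /sbin /usr/bin /usr/sbin`.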