Rootcheck && Rootkits

From: Daniel Cid (danielcid_at_yahoo.com.br)
Date: 10/20/03

    Date: Mon, 20 Oct 2003 16:42:01 -0300 (ART)
    To: focus-ids@securityfocus.com
    
    

    Rootcheck 0.3 is available for download. This software
    checks the whole system for possible problems... (the
    output of rootcheck against an infected machine
    (honeynet scan29) can be read here:
    http://www.ossec.net/rootcheck/examples/ )

    Here are the "checks" that the program executes:

    1- Check the binaries
    2- Check for hidden/malicious open ports
    3- Check the interfaces
    4- Check the passwd files
    5- Check the configuration files
    (httpd.conf, inetd, sshd_config, xinetd, exports)
    6- Check the log files
    (syslog.conf, if syslog is running, etc)
    7- Check for hidden processes
    8- Check for public rootkits
    9- Check the /dev
    10- Check the system for malicious files/directories

    More info can be found here:
    http://www.ossec.net/rootcheck/README.security.txt

    Download here:
    http://www.ossec.net/rootcheck/files/rootcheck-0.3.tar.gz
    (or on sourceforge.net)

    And also, I have documented some rootkits/problems...

    More info here:
    http://www.ossec.net/rootkits/

    *If someone wants to help in the project, or to help
    with the rootkits "database", send an email :)
