RPM aware rootkits?

From: Anton Chuvakin (anton@chuvakin.org)
Date: 02/12/02

Previous message: Devdas Bhagat: "Halted firewall against firewall in bridging mode."
Next in thread: dewt: "Re: RPM aware rootkits?"
Reply: dewt: "Re: RPM aware rootkits?"
Reply: Anton Chuvakin: "Re: RPM aware rootkits?"
Reply: Chris Green: "Re: RPM aware rootkits?"
Reply: Michal Zalewski: "Re: RPM aware rootkits?"
Reply: Jose Nazario: "Re: RPM aware rootkits?"
Reply: Anton Chuvakin: "Re: RPM aware rootkits?"
Reply: Jeff Hedgpeth: "Re: RPM aware rootkits?"
Reply: Michael H. Warfield: "Re: RPM aware rootkits?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Tue, 12 Feb 2002 13:44:52 -0500 (EST)
From: Anton Chuvakin <anton@chuvakin.org>
To: focus-linux@securityfocus.com

Hello all,

After spending some time in google.com, I decided to ask it here.

Do you know any of the RPM-aware rootkits for Linux which will not be
detected by "rpm --verify". I would prefer direct edit of /var/lib/rpm
rather to trojaned rpm binary, but what the heck - whatever will do.

I need to deploy something on Linux which will pass the "rpm -V", but will
involve replacing some binaries. I can rebuild the stuff from source
RPMs, recreate the package and then replace the stock RPM., but it is too
messy (GPG sig will be different, but that will hopefully be OK for the
honeypot).

Thanks a lot for responses!

Best regards,

-- 
     Anton A. Chuvakin, Ph.D.
     http://www.chuvakin.org
   http://www.info-secure.org

Previous message: Devdas Bhagat: "Halted firewall against firewall in bridging mode."
Next in thread: dewt: "Re: RPM aware rootkits?"
Reply: dewt: "Re: RPM aware rootkits?"
Reply: Anton Chuvakin: "Re: RPM aware rootkits?"
Reply: Chris Green: "Re: RPM aware rootkits?"
Reply: Michal Zalewski: "Re: RPM aware rootkits?"
Reply: Jose Nazario: "Re: RPM aware rootkits?"
Reply: Anton Chuvakin: "Re: RPM aware rootkits?"
Reply: Jeff Hedgpeth: "Re: RPM aware rootkits?"
Reply: Michael H. Warfield: "Re: RPM aware rootkits?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: Seeking assistance with system faults
... Seeking assistance with system faults ... > I am in the process of developing a Linux Trouleshooting training course. ... > I am seeking help in developing faults that can be placed on student machines, ... This module was for RPM usage. ...
(Fedora)
Re: windows to linux relation
... installations in linux. ... SuSE is rpm-based, so you can just use rpm like in RedHat, Mandriva, ... Filename extensions are not used to denote executable files in *nix; ...
(comp.os.linux.misc)
Re: Of mice and men
... The RPM file is a relatively new way of packaging Linux ... > under Xorg screens, so can co-exist. ... I have found that the "non kernel" packages are so dynamic it's a constant ...
(comp.lang.cobol)
Re: Dependencies
... You won't master Linux or any Linux distro in a weekend and don't kid ... use several repositories to increase the chances that dependencies will ... You could maintain a hand built repository by downloading/dumping all ... rpms into a single dir on your hard disk, ...
(linux.redhat)
Re: Redhat Package Management Hell..solutions?
... > I have been using Linux for many years as backend servers/web ... I wanted to install bittorrent on my ... I downloaded the RPM, clicked on it, and it told me that it ... It needs to be as easy as it was in Windows), ...
(comp.os.linux.misc)