Re: RPM aware rootkits?
From: dewt (dewt@kc.rr.com) Date: 02/13/02
From: dewt <dewt@kc.rr.com> To: Anton Chuvakin <anton@chuvakin.org>, focus-linux@securityfocus.com Date: Wed, 13 Feb 2002 13:26:47 -0600
On Tuesday 12 February 2002 12:44 pm, Anton Chuvakin wrote:
> Hello all,
>
> After spending some time in google.com, I decided to ask it here.
>
> Do you know any of the RPM-aware rootkits for Linux which will not be
> detected by "rpm --verify"? I would prefer direct edit of /var/lib/rpm
> rather than a trojaned rpm binary, but what the heck - whatever will do.
>
> I need to deploy something on Linux which will pass the "rpm -V", but will
> involve replacing some binaries. I can rebuild the stuff from source
> RPMs, recreate the package and then replace the stock RPM, but it is too
> messy (GPG sig will be different, but that will hopefully be OK for the
> honeypot).
>
> Thanks a lot for responses!
>
> Best regards,
I'm not aware of one, but making a small spec file for the trojaned binaries
and making your own rpm package could work. Of course, that won't pass the -Vp
option, but not many people do that.