RE: Have I been kitted?From: James Golovich (firstname.lastname@example.org)
- Previous message: Matthew Berg: "Re: Have I been kitted?"
- In reply to: Tommy McLeod: "RE: Have I been kitted?"
- Next in thread: Matthew Berg: "Re: Have I been kitted?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 14 Jun 2002 15:01:54 -0400 (EDT) From: James Golovich <email@example.com> To: firstname.lastname@example.org
On 13 Jun 2002, Tommy McLeod wrote:
> use md5sum on your lsof command (md5sum /usr/sbin/lsof)
> run the same thing against your original binary (from the CD)
> use lsof (lsof -i tcp and lsof -i udp)
> check these against a ps of all processes.
One quick note, don't forget to use the md5sum from the CD (or recompile a
new one) because if a root kit has been installed chances are md5sum has
been replaced to return the correct md5s for the modified binaries.