Re: ?hack cause?
From: Reg Quinton (reggers@ist.uwaterloo.ca)
Date: 03/27/02
- Previous message: rir@vmei.acad.bg: "Re: ?hack cause?"
- In reply to: Mike P: "Re: ?hack cause?"
- Next in thread: Gordon Ewasiuk: "Re: ?hack cause?"
From: "Reg Quinton" <reggers@ist.uwaterloo.ca>
To: "Mike P" <mike@phasa.org>, <focus-sun@securityfocus.com>
Date: Wed, 27 Mar 2002 10:14:20 -0500
> I would search for root kits first. Try
> http://www.chkrootkit.org/. Hopefully, you run tripwire
> or something like it.
On Solaris the "pkgchk" command (vendor provided) will tell
you about vendor files that have changed. It's not as robust
as tripwire (as it uses very weak CRC checksums) but it is
better than nothing and often will catch root kits.
There's also a nice vendor tool documented at:
http://www.sun.com/blueprints/0501/Fingerprint.pdf
that you can use to check stronger checksums.
Neither is as fancy as tripwire; both will help.
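
An added illustration, not part of the original message: the difference between a weak checksum and a stronger one when auditing files against a known-good baseline. The 16-bit additive sum is only a stand-in for a weak check (it is not pkgchk's actual algorithm), SHA-256 is an assumed choice of strong digest, and the paths and file contents are constructed sample data.

```python
import hashlib

def weak_sum16(data: bytes) -> int:
    """Stand-in weak checksum (assumption): 16-bit sum of all bytes."""
    return sum(data) & 0xFFFF

def strong_digest(data: bytes) -> str:
    """Strong digest (assumed choice: SHA-256)."""
    return hashlib.sha256(data).hexdigest()

def build_baseline(files: dict) -> dict:
    """Record size, weak checksum and strong digest for each known-good file."""
    return {
        path: {"size": len(d), "weak": weak_sum16(d), "strong": strong_digest(d)}
        for path, d in files.items()
    }

def audit(baseline: dict, current: dict) -> dict:
    """Return {path: (weak_verdict, strong_verdict)} for every baseline entry."""
    report = {}
    for path, rec in baseline.items():
        data = current.get(path)
        if data is None:
            report[path] = ("missing", "missing")
            continue
        weak_ok = len(data) == rec["size"] and weak_sum16(data) == rec["weak"]
        strong_ok = strong_digest(data) == rec["strong"]
        report[path] = ("ok" if weak_ok else "changed",
                        "ok" if strong_ok else "changed")
    return report

# Constructed sample data: contents as shipped ...
KNOWN_GOOD = {
    "/usr/bin/ls": b"constructed ls payload AB",
    "/usr/bin/ps": b"constructed ps payload",
    "/usr/bin/login": b"constructed login v1",
    "/usr/bin/netstat": b"constructed netstat payload",
}
# ... and contents found on the host being audited.
ON_DISK = {
    "/usr/bin/ls": b"constructed ls payload BA",      # same size, same byte sum
    "/usr/bin/ps": b"constructed ps payload",         # untouched
    "/usr/bin/login": b"constructed login v1 plus extra",  # size changed
    # /usr/bin/netstat is absent
}

if __name__ == "__main__":
    for path, (weak, strong) in sorted(audit(build_baseline(KNOWN_GOOD), ON_DISK).items()):
        print(f"{path:18} weak={weak:8} strong={strong}")
```

The `/usr/bin/ls` entry passes the weak check and fails the strong one, which is why a baseline of strong digests, kept off the audited host, is the more trustworthy reference.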