Re: Solaris 10 - Rootkit detection



arpitchaudhary1986@xxxxxxxxx wrote:
Hi,

I am working on rootkit detection on Solaris 10 on SPARC. I am using two tools for this: rkhunter and chkrootkit.

The output of the tools says that there is no rootkit. However, my system binaries are behaving suspiciously and I suspect that rootkits might be present.

Please suggest a good tool (free or minimally paid) for detecting rootkits on Solaris 10.

Alternatively, if you know of another good approach to the same, I would be glad to hear it.

Thanks,
Arpit




Samhain will help you by checking the integrity of your files provided
you have clean files on hand. It will tell you of any changes.
http://www.la-samhna.de/samhain/s_download.html

As for your system binaries behaving suspiciously:

A quick

    lsof | awk '/TCP|UDP/{print $1"\t"$7,$8 | "sort"}' | uniq

will show you any binaries listening and what they're connected to. It might
be a starting point unless you're deeply rooted or something. Firewall
rules go a long way. Block out all, allow in what you need.

Anyhow bottom line, Samhain or OSSEC should suffice.

--

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
J. Oquendo
SGFA, SGFE, C|EH, CNDA, CHFI, OSCP

"It takes 20 years to build a reputation and five minutes to
ruin it. If you think about that, you'll do things
differently." - Warren Buffett

227C 5D35 7DCB 0893 95AA 4771 1DCE 1FD1 5CCD 6B5E
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x5CCD6B5E
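
The integrity-check approach suggested in the reply above (compare current files against hashes taken from known-clean files), as an added example that is not part of the original thread and is not Samhain's own code. The function names and the sample tree are constructed for illustration; it assumes a POSIX shell such as ksh or bash, with `digest` (Solaris 10) or `sha256sum` available.

```shell
#!/bin/sh
# Added example: baseline-and-compare file integrity check (hypothetical helper names).
# The baseline must be taken from a known-clean system and kept off the host.

# Pick a POSIX awk; on Solaris 10 that is nawk, not the legacy /usr/bin/awk.
AWK=$(command -v nawk || command -v awk)

# hash_file PATH: print the SHA-256 of one file.
hash_file() {
    if command -v digest >/dev/null 2>&1; then
        digest -a sha256 "$1"                   # Solaris 10 digest(1)
    else
        sha256sum "$1" | "$AWK" '{print $1}'    # GNU coreutils elsewhere
    fi
}

# make_manifest DIR...: one "hash<two spaces>path" line per regular file.
# File names containing newlines are not supported.
make_manifest() {
    find "$@" -type f -print | sort | while IFS= read -r f; do
        printf '%s  %s\n' "$(hash_file "$f")" "$f"
    done
}

# compare_manifest BASELINE DIR...: report drift from the baseline.
compare_manifest() {
    baseline=$1; shift
    make_manifest "$@" | "$AWK" -v base="$baseline" '
        BEGIN { while ((getline l < base) > 0) old[substr(l, 67)] = substr(l, 1, 64) }
        { p = substr($0, 67); seen[p] = 1
          if (!(p in old)) print "ADDED   " p
          else if (old[p] != substr($0, 1, 64)) print "CHANGED " p }
        END { for (p in old) if (!(p in seen)) print "MISSING " p }' | sort
}

# demo: constructed tree standing in for /usr/bin; tamper with it and compare.
demo() {
    d=$(mktemp -d) || return 1
    mkdir "$d/bin"
    echo 'ls v1' > "$d/bin/ls"; echo 'ps v1' > "$d/bin/ps"; echo 'su v1' > "$d/bin/su"
    make_manifest "$d/bin" > "$d/baseline"     # taken while "clean"
    echo 'ls trojaned' > "$d/bin/ls"           # modified binary
    rm "$d/bin/ps"                             # removed binary
    echo 'x' > "$d/bin/netstat"                # unexpected new file
    compare_manifest "$d/baseline" "$d/bin" | sed "s|$d/||"
    rm -rf "$d"
}

demo
```

Keep the baseline and the hashing tools on read-only or off-host media. A kernel-level rootkit can return clean content to userland reads, so an empty report from the running system is not conclusive.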

