Commonly Trojaned Linux services

From: CJ (
Date: 03/14/02


    From: "CJ" <>
    Date: Thu, 14 Mar 2002 13:21:43 GMT


    I'm writing a "watchdog" script to keep an eye on a remote server.
    I won't go into the ins and outs of how it works but what I'd like to know is
    what are commonly altered/trojaned services on a Linux box? (RH7.2 on an i686
    for me)

    So far I've got

    and I've stuck in iptables for good measure.

    Anything else that anyone is aware of, that in the normal course of things WOULD

    I.e., I'm keeping an eye on /etc/passwd, but that will change occasionally
    anyway as users are removed/added. I need to know of binaries that don't alter.

    Yes ... it is somewhat similar to tripwire, but a little more vicious ;)



    Year 2000 never bothered me.
    It's year 65536 that I'm worried about
    H4x0R : I'm way cooler than you! I got 40 scrypts that can kill yer machine
    sysop : Heh! Yeah right!
    w33n3r: Yeah. I can nail you from here man ... gimme your ip and you're toast!
    l4m3rz: Yeah .. we rock .. we're gonna fry your machine
    sysop : Ok, I dare ya ... My ip is
    H4x0R : ##Disconnected##
    w33n3r: ##Disconnected##
    l4m3rz: ##Disconnected##
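
An added example, not part of the original post or CJ's script: a minimal baseline-and-compare check that reports a content change in a file expected to change (such as /etc/passwd) as a notice and any change to a static binary as an alert. The function names, the `mutable` parameter and the watch list in the demo are assumptions; the caller supplies the paths to watch.

```python
import hashlib
import os
import stat

def fingerprint(path):
    """Return (sha256 hex, permission bits, owner uid), or None if missing."""
    try:
        st = os.stat(path)
        digest = hashlib.sha256()
        with open(path, "rb") as f:
            for chunk in iter(lambda: f.read(65536), b""):
                digest.update(chunk)
    except FileNotFoundError:
        return None
    # S_IMODE keeps the setuid/setgid bits, so a new setuid bit shows up too.
    return (digest.hexdigest(), stat.S_IMODE(st.st_mode), st.st_uid)

def snapshot(paths):
    """Fingerprint every path; run once on a known-good system for the baseline."""
    return {p: fingerprint(p) for p in paths}

def compare(baseline, current, mutable=()):
    """Return sorted (severity, path, reason) tuples for every difference.

    Paths in `mutable` (hypothetical parameter, e.g. /etc/passwd) may change
    content legitimately, so that is a NOTICE; everything else is an ALERT.
    """
    findings = []
    for path, old in baseline.items():
        new = current.get(path)
        if new == old:
            continue
        if old is None or new is None:
            findings.append(("ALERT", path, "appeared" if old is None else "missing"))
            continue
        for field, before, after in zip(("content", "mode", "owner"), old, new):
            if before != after:
                quiet = field == "content" and path in mutable
                findings.append(("NOTICE" if quiet else "ALERT", path, field + " changed"))
    return sorted(findings)

if __name__ == "__main__":
    # Constructed watch list; substitute the binaries you actually monitor.
    watched = ["/bin/ls", "/bin/ps", "/etc/passwd"]
    baseline = snapshot(watched)   # normally loaded from read-only media
    for finding in compare(baseline, snapshot(watched), mutable={"/etc/passwd"}):
        print(*finding)
```

Keep the baseline and the script on media the monitored host cannot write to; a baseline stored on the same box can be rewritten along with the binaries.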