Commonly Trojaned Linux services
From: CJ (hah@notonyerlife.com) Date: 03/14/02
From: "CJ" <hah@notonyerlife.com> Date: Thu, 14 Mar 2002 13:21:43 GMT
Hi,
I'm writing a "watchdog" script to keep an eye on a remote server.
I won't go into the ins and outs of how it works but what I'd like to know is
what are commonly altered/trojaned services on a Linux box? (RH7.2 on an i686
for me)
So far I've got
sshd
httpd
named
sendmail
and I've stuck in iptables for good measure.
Anything else that anyone is aware of, that in the normal course of things WOULD
NOT CHANGE!
I.e., I'm keeping an eye on /etc/passwd, but that will change occasionally
anyway as users are removed/added. I need to know of binaries that don't alter.
Yes ... it is somewhat similar to tripwire, but a little more vicious ;)
TIA
CJ
----------------------------------------------------------------------------
Year 2000 never bothered me.
It's year 65536 that I'm worried about
----------------------------------------------------------------------------
H4x0R : I'm way cooler than you! I got 40 scrypts that can kill yer machine
sysop : Heh! Yeah right!
w33n3r: Yeah. I can nail you from here man ... gimme your ip and you're toast!
l4m3rz: Yeah .. we rock .. we're gonna fry your machine
sysop : Ok, I dare ya ... My ip is 127.0.0.1
H4x0R : ##Disconnected##
w33n3r: ##Disconnected##
l4m3rz: ##Disconnected##
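
The kind of check the post describes, as an added example that is not part of the original post or CJ's script: a baseline of hashes and file metadata for binaries that should never change, with files such as /etc/passwd marked as expected to change so they raise a notice rather than an alert. The function names (`fingerprint`, `baseline`, `verify`, `demo`) and the temporary files standing in for sshd, named, httpd and passwd are assumptions made for the illustration.

```python
import hashlib
import os
import tempfile

def fingerprint(path):
    """SHA-256 of the content plus mode and owner, so a chmod/chown is caught too."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    st = os.stat(path)
    return (h.hexdigest(), st.st_mode, st.st_uid, st.st_gid)

def baseline(paths):
    return {p: fingerprint(p) for p in paths}

def verify(base, volatile=()):
    """Changed paths listed in `volatile` (e.g. /etc/passwd) give notices, others alerts."""
    alerts, notices = [], []
    for path, expected in base.items():
        try:
            current = fingerprint(path)
        except FileNotFoundError:
            current = None
        if current == expected:
            continue
        what = ("missing" if current is None else
                "content" if current[0] != expected[0] else "metadata")
        (notices if path in volatile else alerts).append((os.path.basename(path), what))
    return alerts, notices

def demo():
    # Constructed stand-ins for sshd, named, httpd and /etc/passwd in a temp dir.
    with tempfile.TemporaryDirectory() as d:
        f = {n: os.path.join(d, n) for n in ("sshd", "named", "httpd", "passwd")}
        for name, path in f.items():
            with open(path, "wb") as out:
                out.write(b"original " + name.encode())
            os.chmod(path, 0o755)
        base = baseline(f.values())
        clean = verify(base, volatile={f["passwd"]})
        with open(f["sshd"], "wb") as out:      # binary replaced
            out.write(b"replaced sshd")
        os.chmod(f["named"], 0o775)             # permissions changed
        os.remove(f["httpd"])                   # binary deleted
        with open(f["passwd"], "ab") as out:    # routine user add
            out.write(b"\nnewuser:x:1001:1001::/home/newuser:/bin/sh")
        return clean, verify(base, volatile={f["passwd"]})
```

For a remote watchdog, the baseline belongs on the monitoring machine rather than on the server being watched, so that whoever alters a binary cannot also rewrite the recorded hash.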