Linux Journal: Thwarting the System Cracker, Part 4Oct 15, 1999, 12:36 (4 Talkback[s])
(Other stories by Marcel Gagné)
"This week's episode: verifying the integrity of your files."
"One of the first things your cracker will do is replace certain files on your system. You will wind up with a new version of "netstat" so that a "netstat -a" does not show any evidence of your cracker's presence. The cracker will also replace any file that might give him or her away."
"Since the files have been replaced, simply doing an "ls" will only confirm that the files are there. There are a number of ways that you can detect modified files on your system."
0 Talkback[s] (click to add your comment)