Linux Journal: Thwarting the System Cracker, Part 4

"This week's episode: verifying the integrity of your files."

"One of the first things your cracker will do is replace certain files on your system. You will wind up with a new version of "netstat" so that a "netstat -a" does not show any evidence of your cracker's presence. The cracker will also replace any file that might give him or her away."

"Since the files have been replaced, simply doing an "ls" will only confirm that the files are there. There are a number of ways that you can detect modified files on your system."

Complete story.

Related Stories:

• Linux Journal: Thwarting the System Cracker, Part 3(Oct 08, 1999)
• Linux Journal: Thwarting the System Cracker, Part 2(Oct 05, 1999)
• Linux Journal: Thwarting the System Cracker, Part 1(Sep 26, 1999)
• Linux Gazette: Security for the Home Network(Oct 10, 1999)
• Linux.com: Deploying a Linux Firewall(Oct 08, 1999)
• Security Portal: Do you have an Intrusion Detection Response Plan?(Aug 24, 1999)
• Security Portal: Detecting Intruders in Linux(Aug 16, 1999)