Linux Today: Linux News On Internet Time.

More on LinuxToday

NewsForge: Is There a Rootkit Hunter in Your Arsenal?

Apr 09, 2004, 10:00 (0 Talkback[s])
(Other stories by Joe Barr)

"It's been about three years since I woke up one morning and discovered my Web/mail server was rooted. Thinking back, I must have assumed that just running Linux was enough to keep me out of harm's way. These days I am not so cocky. I try to keep current with security patches for the apps I run. I don't run services I don't need or use. And there is a firewall between me and the wild. One thing I haven't made a part of my regular routine--not yet, at least--is checking for rootkits on a regular basis. That may be about to change, since I found a nifty little project called rootkit hunter.

"Michael Boelen was motivated to create the rootkit hunter one day after he and a friend accidentally scanned a machine with a brand new installation of FreeBSD 5.0. The machine had no Internet connection, and yet the tool they used, chkrootkit, reported 'backdoored' binaries..."

Complete Story

Related Stories: