Linux Today: Linux News On Internet Time.

Linux Magazine: Finding Rootkits, Infections, and Files

Jul 11, 2004, 09:00 (0 Talkback[s])
(Other stories by Jeremy Garcia)

"Last month's 'Tech Support' showed you how to monitor filesystem changes with Tripwire, a handy system utility that alerts you to all filesystem changes. Like SNORT and others, Tripwire's just one of many practical security measures that minds your system 24/7.

"Another sentry tool is chkrootkit, a free utility that can detect rootkits, loadable kernel modules, worms, and other nefarious cracker tools. (A rootkit is a collection of tools used to mask intrusion, obtain administrator-level access and, install a backdoor on a target computer. A loadable kernel module, or LKM, is a piece of code that's loaded directly into the Linux kernel.) chkrootkit uses digital signatures to detect over fifty known rootkits and LKMs. It also uses some simple heuristics--looking for hidden processes, hidden directories, and a few other simple checks--to attempt to detect unknown kits..."

Complete Story

Related Stories: