Slashdot Mirror


Detecting Rootkits In GNU/Linux

An anonymous reader sends note of a blog post on rootkit detection in GNU/Linux. The article mentions only two utilities for ferreting out rootkits — the first comment to the blog post lists three additional ones — but it could be useful for those who haven't thought about the problem much. From the article: "A rootkit... is a collection of tools that a cracker installs on a victim's computer after gaining initial access. It generally consists of log cleaning scripts and trojaned replacements of core system utilities such as ps, top, ifconfig and so on."

12 of 142 comments

  1. Ah! No need for rootkit detector... by Rosco P. Coltrane · · Score: 4, Funny

    ... with the Internet Freedom Disk!

    --
    "A door is what a dog is perpetually on the wrong side of" - Ogden Nash
    1. Re:Ah! No need for rootkit detector... by Anonymous Coward · · Score: 2, Funny
      ... with the Internet Freedom Disk!
      First it was "freedom fries," and now they've gone and corrupted what was once a perfectly fine Internet French Disk with their misplaced patriotism.
  2. Pish Posh by eno2001 · · Score: 5, Funny

    It's GNU/Linux. Any hacker worth his salt doesn't want to bother with archaic OSes based on Unix. He wants the 1337 stylings of Windows Vista. No sense in rootkitting a *nix box. You can't do anything with a *nix box. But an army of zombie Vista PCs, now THAT is ULTIMATE POWER!

    --
    -"...bad old ideas look confusingly fresh when they are packaged as technology" - Jaron Lanier (Digital Maoism on Edge.o
  3. Yes, but... by Darlantan · · Score: 5, Funny

    You have your l33t ninja with his army of zombie Windows boxes... ...but how do they stack up to the *nix pirates, and their FTPs on the seven seas of the intarwebs? It's the classic clashes, modernized. Who has the REAL Ultimate Power?

    --
    Fill in your four or five-letter word of wisdom here _ _ _ _ _.
  4. I like to leave this up to the FBI by Timesprout · · Score: 4, Funny

    When the dark suits turn up on my doorstep with an arrest warrant on charges of attempting to crack confidential government sites I can be pretty sure my machine has been rooted.

    --
    Do not try to read the dupe, that's impossible. Instead, only try to realize the truth
    What truth?
    There is no dupe
  5. Re:ifl by stoolpigeon · · Score: 4, Funny

    i have no idea. i've never used any of them. this is a joke gone completely wrong. i just copied and pasted the comment from over at tfa. hence my subject: ifl (it's funny laugh). i figured it'd end up troll, over-rated, but i got such a laugh out of doing it (sorry i'm easily amused) that i figured it was worth it. in what is a horrid twist of fate, i now feel bad for getting modded up.

    --
    It's hard to believe that's how Micronians are made. Why don't we see it right now by having you both kiss one another?
  6. Re:This is... by diegocgteleline.es · · Score: 3, Funny

    Real men and real hackers write their programs in binary code, not in stupid and bloated assembler.

  7. Re:Read Only Drives by computational super · · Score: 2, Funny

    Yeah, there's a program you can run to flip them whenever you need to. I had to install it SUID root though.

    --
    Proud neuron in the Slashdot hivemind since 2002.
  8. Meh, I don't trust those tools by straponego · · Score: 4, Funny

    I just eyeball /proc/kcore for anything suspicious every day or so.

  9. Re:This is... by Anonymous Coward · · Score: 1, Funny

    Cuz people who are looking to install rootkits on your computer are very respectful of copyright law.

  10. Re:This would have been more appropriate: by Linker3000 · · Score: 2, Funny

    Hey, AC, There's a guy on the phone for you - says he's from SCO and he'd like a quick word.

    --
    AT&ROFLMAO
  11. The tables have turned, Mr. Bond... by RealGrouchy · · Score: 2, Funny

    Joke's on you, Linux boys (and girls?)!

    I don't have to worry about this. I use Windows!

    Oh wait...

    - RG>

    --
    Hey pal, this isn't a pleasantforest, so don't waste my time with pleasantries!