Slashdot Mirror


Detecting Rootkits In GNU/Linux

An anonymous reader sends note of a blog post on rootkit detection in GNU/Linux. The article mentions only two utilities for ferreting out rootkits — the first comment to the blog post lists three additional ones — but it could be useful for those who haven't thought about the problem much. From the article: "A rootkit... is a collection of tools that a cracker installs on a victim's computer after gaining initial access. It generally consists of log cleaning scripts and trojaned replacements of core system utilities such as ps, top, ifconfig and so on."

7 of 142 comments (clear)

  1. Ah! No need for rootkit detector... by Rosco+P.+Coltrane · · Score: 4, Funny

    ... with the Internet Freedom Disk!

    --
    "A door is what a dog is perpetually on the wrong side of" - Ogden Nash
  2. Pish Posh by eno2001 · · Score: 5, Funny

    It's GNU/Linux. Any hacker worth his salt doesn't want to bother with archaic OSes based on Unix. He wants the 1337 stylings of Windows Vista. No sense in rootkitting a *nix box. You can't do anything with a *nix box. But an army of zombie Vista PCs, now THAT is ULTIMATE POWER!

    --
    -"...bad old ideas look confusingly fresh when they are packaged as technology" - Jaron Lanier (Digital Maoism on Edge.o
  3. Yes, but... by Darlantan · · Score: 5, Funny

    You have your l33t ninja with his army of zombie Windows boxes... ...but how do they stack up to the *nix pirates, and their FTPs on the seven seas of the intarwebs? It's the classic clashes, modernized. Who has the REAL Ultimate Power?

    --
    Fill in your four or five-letter word of wisdom here _ _ _ _ _.
  4. I like to leave this up to the FBI by Timesprout · · Score: 4, Funny

    When the dark suits turn up on my doorstep with an arrest warrant on charges of attempting to crack confidential government sites I can be pretty sure my machine has been rooted.

    --
    Do not try to read the dupe, thats impossible. Instead, only try to realize the truth
    What truth?
    There is no dupe
  5. Re:ifl by stoolpigeon · · Score: 4, Funny

    i have no idea. i've never used any of them. this is a joke gone completely wrong. i just copied and pasted the comment from over at tfa. hence my subject: ifl (it's funny laugh). i figured it'd end up troll, over-rated, but i got such a laugh out of doing it (sorry i'm easily amused) that i figured it was worth it. in what is a horrid twist of fate, i now feel bad for getting modded up.

    --
    It's hard to believe that's how Micronians are made. Why don't we see it right now by having you both kiss one another?
  6. Re:This is... by diegocgteleline.es · · Score: 3, Funny

    Real men and real hackers write their programs in binary code, not in stupid and bloated assembler.

  7. Meh, I don't trust those tools by straponego · · Score: 4, Funny

    I just eyeball /proc/kcore for anything suspicious every day or so.