Slashdot Mirror


Detecting Rootkits In GNU/Linux

An anonymous reader sends note of a blog post on rootkit detection in GNU/Linux. The article mentions only two utilities for ferreting out rootkits — the first comment to the blog post lists three additional ones — but it could be useful for those who haven't thought about the problem much. From the article: "A rootkit... is a collection of tools that a cracker installs on a victim's computer after gaining initial access. It generally consists of log cleaning scripts and trojaned replacements of core system utilities such as ps, top, ifconfig and so on."
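As an added example (not code from the article or from any commenter), here is the cross-check a defender can run against exactly the kind of trojaned ps the summary describes: the process list is gathered from three independent sources (the /proc directory, the ps binary, and a kill(pid, 0) probe of every possible PID) and PIDs present in one view but missing from another are reported. The function names are my own, and the script assumes a Linux host with /proc mounted and a ps binary on the PATH.

```python
import os
import subprocess

def proc_pids():
    """Process IDs the kernel exposes as numeric directories in /proc."""
    return {int(n) for n in os.listdir("/proc") if n.isdigit()}

def proc_tids():
    """Non-leader thread IDs from /proc/<pid>/task; kill() answers for these too, so they must not be flagged."""
    tids = set()
    for pid in proc_pids():
        try:
            tids.update(int(n) for n in os.listdir(f"/proc/{pid}/task")
                        if n.isdigit() and int(n) != pid)
        except OSError:
            pass  # the process exited between the two reads
    return tids

def ps_pids():
    """PIDs as reported by the ps binary: the view a trojaned ps can filter."""
    out = subprocess.run(["ps", "-e", "-o", "pid="], capture_output=True, text=True, check=True).stdout
    return {int(tok) for tok in out.split()}

def probed_pids():
    """PIDs that exist according to kill(pid, 0), which consults neither ps nor /proc."""
    try:
        with open("/proc/sys/kernel/pid_max") as f:
            pid_max = int(f.read())
    except OSError:
        pid_max = 32768  # historical kernel default
    alive = set()
    for pid in range(1, pid_max + 1):
        try:
            os.kill(pid, 0)          # signal 0: existence check only, nothing is delivered
        except ProcessLookupError:
            continue
        except PermissionError:
            pass                     # exists, but belongs to another user
        alive.add(pid)
    return alive

def compare_views(proc, ps, probed, tids=frozenset()):
    """Pure set comparison, kept separate so it can be checked on constructed input."""
    return {
        "hidden_from_ps": sorted((proc | probed) - tids - ps),    # trojaned/filtering ps
        "hidden_from_proc": sorted(probed - proc - tids),         # kernel-level hiding
    }

if __name__ == "__main__":
    print(compare_views(proc_pids(), ps_pids(), probed_pids(), proc_tids()))
```

A single discrepancy can also be a process that started or exited between the snapshots, so rerun the check before treating a PID as hidden.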

1 of 142 comments

  1. Re:This is... by Rosco P. Coltrane · Score: 5, Informative

    It's rather difficult to load kernel obfuscation modules (like hiding processes and files) without header files and no compiler.

    I'll tell you a little secret: if you know the kernel version number and target architecture, you can build a module on another, totally different machine. Wow! 2007 technology man!

    --
    "A door is what a dog is perpetually on the wrong side of" - Ogden Nash