[NTLUG:Discuss] root can not edit hosts.deny file

m m llliiilll at hotmail.com
Thu Jun 19 09:30:33 CDT 2003




>From: Dennis Myhand <dmyhand at zamigo.net>
>
>Dennis Myhand wrote:
>
>>Richard Strittmatter wrote:
>>
>>>Also check in the /dev directory.
>>>
>>>A LOT of rootkits will put data directories there. Newer ones
>>>are also using /usr/share
>>>
>>>
>>>
>>>>-----Original Message-----
>>>>
>>>>  Your "ls" will be "fixed" to prevent it from showing root kit stuff, 
>>>>if your box is compromised.
>>>>
>>>>  Sometimes, something like busybox, which has its own built in commands 
>>>>can be used to look around with.
>>>>
>>>>  You might want to boot with knoppix and mount your hard drive and then 
>>>>look around on it.  The ls on knoppix will not be flawed.
>>>>
>>>>bug
>>>>
>>>>
>>>>On Tue, 17 Jun 2003, Kenneth Loafman wrote:
>>>>
>>>>
>>>>
>>>>>
>>>>>Look primarily in the executables directories:
>>>>>
>>>>>/bin/*
>>>>>/lib/*
>>>>>/sbin/*
>>>>>/usr/bin/*
>>>>>/usr/lib/*
>>>>>/usr/sbin/*
>>>>>/usr/local/bin/*
>>>>>/usr/local/lib/*
>>>>>/usr/local/sbin/*
>>>>>
>>>>>in particular:
>>>>>
>>>>>ls
>>>>>ps
>>>>>find
>>>>>top
>>>>>gtop

What should I look for on these? I have checked with lsattr; they all have no 
'i' attribute set.

>>>>>
>>>>>or, any file that shows process state (to keep the task hidden) or, any 
>>>>>file that shows filesystem state (to keep the files hidden)
Could you give me an example?


>>>>>
>>>>>...Ken
>>>>>
>>>>>
>>>>>
>>>>>
>>>>
>>>>_______________________________________________
>>>>https://ntlug.org/mailman/listinfo/discuss
>>>>
>>>>
>>>
>>>
>>>
>>I have also heard that there is a tool called "chrootkit" @ 
>>www.chrootkit.org which can assist in checking for rootkits.
>>
>>
>Okay... the real url is www.chkrootkit.org
>
>

More information about the Discuss mailing list
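
The /dev check suggested in the quoted replies, as an added example that is not code from anyone in this thread: a shell function meant to be run from trusted rescue media such as Knoppix, with the suspect disk mounted read-only. The function names and the mount point passed in are assumptions.

```shell
#!/bin/sh
# Added example: run from trusted rescue media against a suspect disk
# mounted read-only. The mount point (e.g. /mnt/suspect) is an assumption.

# scan_dev ROOT
# Prints one line per entry under ROOT/dev that a device directory does
# not normally hold:
#   FILE    regular file (devices are block/char nodes, not files)
#   HIDDEN  entry whose name starts with "." or with a space
# An entry that is both is reported twice, once under each label.
scan_dev() {
    root=${1:?usage: scan_dev MOUNTPOINT}
    dev="$root/dev"
    [ -d "$dev" ] || { echo "no dev directory under $root" >&2; return 2; }

    # Regular files: a static /dev legitimately holds very few of these
    # (MAKEDEV is a common one), so every hit deserves a look.
    find "$dev" -xdev -type f -exec printf 'FILE   %s\n' {} \;

    # Names chosen to be overlooked in a listing: ".hidden", "...", " ".
    find "$dev" -xdev -mindepth 1 \( -name '.*' -o -name ' *' \) \
        -exec printf 'HIDDEN %s\n' {} \;
}

# count_findings ROOT: number of lines scan_dev reports for ROOT.
count_findings() {
    scan_dev "$1" | wc -l | tr -d ' '
}

# Stand-alone use: sh scan_dev.sh /mnt/suspect
if [ $# -gt 0 ]; then
    scan_dev "$1"
fi
```

Because the rescue system's own find is doing the listing, a modified ls or find on the suspect disk cannot filter the result.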