[NTLUG:Discuss] chkrootkit
MadHat
madhat at unspecific.com
Mon Oct 24 13:09:29 CDT 2005
On Oct 22, 2005, at 9:39 PM, Chris Cox wrote:
> Terry wrote:
> ...
>>
>>
>> Do any of the live-cds have chkrootkit on them?
>>
>
> http://www.knoppix-std.org
>
> Not sure if anything better is out nowadays. I've used this
> one in the past.
STD is not bad, except for the name...
Whoppix was ok. It has been renamed to whax? (http://www.iwhax.net/modules/news/)
Phlak is another one. (http://www.phlak.org/modules/news/)
Auditor is another. (http://new.remote-exploit.org/index.php/Auditor_main)
PLAC, http://sourceforge.net/projects/plac
Now, if you think your system has been compromised, you might want to
look at forensics tools instead of auditing tools.
Fire: http://fire.dmzs.com/
Helix: http://www.e-fense.com/helix/
FCCU: http://www.d-fence.be/
SleuthKit: http://www.sleuthkit.org/sleuthkit/desc.php
Penguin Sleuth: http://www.linux-forensics.com/downloads.html
etc....
--
MadHat (at) Unspecific.com, C²ISSP
E786 7B30 7534 DCC2 94D5 91DE E922 0B21 9DDC 3E98
gpg --keyserver wwwkeys.us.pgp.net --recv-keys 9DDC3E98