Les Mikesell <lesmikesell@xxxxxxxxx> wrote:
bob.smith@xxxxxxxxxxx wrote:
>>
>> Something strange in those scripts? Something that leads you to think
>> you've a rootkit installed?
>>
>>
> I do this to get to know the system, I have been cracked many times and
> quite honestly have enough of it. Either I get to know my system deep
> down, or I run the box online all days all nights without protection.
The software included in the distro is fairly secure if you keep it up
to date with frequent 'yum update' runs. If you have been cracked 'many
times' it is likely to be because you have weak passwords that someone
is guessing through ssh, or you haven't kept the system up to date as
new exploits are discovered and fixed, or you have added 3rd party or
your own programs (like a lot of php web stuff...) that are insecure and
haven't kept them up to date.
--
Les Mikesell
lesmikesell@xxxxxxxxx
--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
> The rootkit designs I saw were aimed at the kernel for some reason. Nowhere
> could I find mention of a Linux rootkit.
>
FWIW, I've been running rkhunter on Unix and Linux systems for several
years, on a regular basis. I also occasionally run chkrootkit, but
I like rkhunter better. It checks for more than 100 rootkits and
trojans <http://www.rootkit.nl/projects/rootkit_hunter.html>
And it checks md5 values for a number of files, in the easiest case
against the rpm db. e.g. rkhunter -c --pkgmgr rpm
Regards,
Doug Wyatt
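The "md5 values against the rpm db" check Doug mentions is, at its core, a baseline-and-compare of file digests. The script below is an added illustration of that idea, not rkhunter's code nor anything posted in this thread: it records a digest for every file under a directory, then later reports files that were modified, removed, or newly dropped. It uses sha256 in place of md5 and runs on a constructed temporary tree standing in for a real /usr/bin.

```python
import hashlib
import tempfile
from pathlib import Path


def hash_file(path, algo="sha256"):
    """Digest a file in chunks so large binaries do not need to fit in memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root):
    """Map each regular file under root (relative path) to its digest: the 'known good' state."""
    root = Path(root)
    return {str(p.relative_to(root)): hash_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def verify(root, baseline):
    """Compare the tree as it is now with the baseline.

    Returns (modified, missing, unexpected): files whose digest changed,
    files present in the baseline but gone now, and files not in the baseline.
    """
    current = build_baseline(root)
    modified = sorted(f for f in baseline if f in current and current[f] != baseline[f])
    missing = sorted(f for f in baseline if f not in current)
    unexpected = sorted(f for f in current if f not in baseline)
    return modified, missing, unexpected


def demo():
    """Constructed sample tree (hypothetical, not a real system) showing each finding type."""
    with tempfile.TemporaryDirectory() as d:
        bin_dir = Path(d) / "bin"
        bin_dir.mkdir()
        (bin_dir / "ls").write_bytes(b"#!/bin/sh\necho original ls\n")
        (bin_dir / "ps").write_bytes(b"#!/bin/sh\necho original ps\n")
        baseline = build_baseline(d)          # taken while the system is known clean
        (bin_dir / "ps").write_bytes(b"#!/bin/sh\necho replaced ps\n")  # changed binary
        (bin_dir / ".hidden").write_bytes(b"dropped\n")                  # new file
        (bin_dir / "ls").unlink()                                        # removed binary
        return verify(d, baseline)


if __name__ == "__main__":
    modified, missing, unexpected = demo()
    print("modified:", modified, "missing:", missing, "unexpected:", unexpected)
```

On a real host the baseline must be stored off the machine (or signed), since an intruder who can alter binaries can alter a local baseline just as easily; that is why checking against the package manager's own database, as `rkhunter --pkgmgr rpm` does, is the easier starting point.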
hi,
well, I found rkhunter, ran it, and it did output a few warnings. Now...I feel more comfortable knowing about rkhunter, which I did not know before this thread.
A good thing would be to (for each distro) somehow document what is normal on a default installation (if such exists). For example the numerous unix sockets that are in use on my box worried me a lot. Of course they, as someone mentioned, "don't leave the system", but that didn't occur to me.
regarding the /tmp directory, there is an entry /tmp/keyring-something. Does anyone know what the term keyring means in the security context?
thank you for your advice and help
--