Re: SSHD rootkit in the wild/compromise for CentOS 5/6?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] 

Am 23.02.2013 um 05:52 schrieb Karanbir Singh <mail-lists@xxxxxxxxx>:
> On 02/22/2013 09:35 PM, Leon Fauster wrote:
>> i use following script to scan top level 
>> directories for files that are not packaged: 
> 
> If you trust your rpm-db, ...


i used to scan this list

rpm -qa --qf '%{NAME}-%{SIGGPG:pgpsig}-%{SIGPGP:pgpsig}-%{VENDOR}\n'

and checked them against keys that are _not_ in /etc/pki/rpm-gpg/.

Just as a normal sanity check (plus rpm -V).

i aware that this does not substitute a real auditing solution. 

--
LF

 
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux