zep wrote:
> so I found that one of my VM hosts seems to have been compromised in
> some way; I've shut it down, isolated it, found a few odd things like
> gibberish comments and odd hostnames that I don't recognise pointed back
> to 127.0.0.1 in /etc/hosts. I tried TRD and it seems mildly useful, but
> has more of a windowsy feel for what it wants to be able to fix. does
> anyone know of something with more linux rootkit detection as a focus?
> I could just rebuild this machine, but I'd like to know for sure what
> all/how bad this was broken so I can avoid it for next time.
Don't know TRD. Rootkits, though, we use rkhunter here.
And hostnames pointed to 127.0.0.1... I have a ton of them. #1 on the list
that points to that is, of course, doubleclick.com (and .net). It's a nice
way to get rid of ads, and speed up page loading.... Check, for example,
<http://someonewhocares.org/hosts/>
mark, who remembers the good old days of usenet
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
