[CentOS] Re: Tracking down whats causing a high load?

Jim Perrin spake the following on 6/21/2006 6:00 AM:
> On 6/21/06, Ian mu <mu.llamas@xxxxxxxxx> wrote:
>> Used rkhunter which is fine apart from one app out of date which I've now
>> updated, chkrootkit it's clear but chkproc gives a couple of processes
>> not in readdir output, but they correspond to apps we are running when I
>> check in /proc/pid/cmdline so think that side's looking ok (still checking
>> a couple of bits though).
>>
> 
> 
> Keep in mind that tools like this should be run from trusted media and
> not from the suspected machine. This ensures that there is no
> kernel-space nastiness intercepting calls and feeding you bad
> information, as well as the fact that you're working from known good
> binaries. The centos live cd would be good for this, as well as
> knoppix or others. It may be traitorous to say this, but there's a
> knoppix based distro out there for forensic/data-recovery use with
> rootkit hunting tools on it. I generally keep a copy of it lying
> around, although the name escapes me at present.
> 
Is it knoppix-std?


-- 

MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
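
An added example, not part of the thread and not chkrootkit's code: a Python sketch of the kind of check behind the "not in readdir output" message discussed above, comparing the PIDs that listing /proc returns with the PIDs that resolve when /proc/<pid> is opened by path. It assumes a Linux /proc with a `Tgid:` line in `status`; all function names and the sample data are hypothetical. Thread IDs resolve by path but are never listed, so they are labelled separately.

```python
import os
import re

def listed_pids(proc="/proc"):
    """PIDs that readdir() on /proc returns (what ps and top rely on)."""
    return {int(n) for n in os.listdir(proc) if n.isdigit()}

def read_proc(pid, name, proc="/proc"):
    """Open /proc/<pid>/<name> by path; None if the kernel has no such task."""
    try:
        with open(f"{proc}/{pid}/{name}", "rb") as f:
            return f.read()
    except OSError:
        return None

def tgid_of(status):
    """Thread-group id from a status file; equals the PID for a process leader."""
    m = re.search(rb"^Tgid:\s+(\d+)", status, re.M)
    return int(m.group(1)) if m else None

def find_unlisted(listed, pid_max, read=read_proc):
    """Return (pid, kind, tgid, cmdline) for tasks reachable by path but not listed."""
    out = []
    for pid in range(1, pid_max + 1):
        if pid in listed or (status := read(pid, "status")) is None:
            continue
        tgid = tgid_of(status)
        # A thread id resolves under /proc but is never listed there: benign.
        kind = "thread" if tgid != pid and tgid in listed else "unlisted"
        cmd = (read(pid, "cmdline") or b"").replace(b"\0", b" ").decode(errors="replace").strip()
        out.append((pid, kind, tgid, cmd))
    return out

# Constructed sample standing in for /proc: PIDs 1 and 2201 are listed,
# 2202 is a thread of 2201, and 3100 is a process missing from the listing.
SAMPLE_LISTED = {1, 2201}
SAMPLE = {
    (2202, "status"): b"Name:\thttpd\nTgid:\t2201\nPid:\t2202\n",
    (2202, "cmdline"): b"/usr/sbin/httpd\0-k\0start\0",
    (3100, "status"): b"Name:\tworker\nTgid:\t3100\nPid:\t3100\n",
    (3100, "cmdline"): b"/tmp/worker\0",
}
sample_read = lambda pid, name: SAMPLE.get((pid, name))

if __name__ == "__main__":
    with open("/proc/sys/kernel/pid_max") as f:
        hits = find_unlisted(listed_pids(), int(f.read()))
    after = listed_pids()  # tasks that merely started mid-scan show up here
    for row in (h for h in hits if h[0] not in after):
        print(*row)
```

Both views come from the running kernel, so on a suspect host the result is subject to the same caveat raised in the reply about trusting answers from that machine.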
