[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Security Guideance

Subject: Security Guideance
From: cmaurand at xyonet.com (Curtis Maurand)
Date: Wed, 24 Feb 2010 08:03:23 -0500
In-reply-to: <[email protected]>
References: <[email protected]> <[email protected]> <[email protected]> <[email protected]> <[email protected]>

On 2/23/2010 5:38 PM, Nathan Ward wrote:
> Using lsof, netstat, ls, ps, looking through proc with ls, cat, etc. is likely to not work if there's a rootkit on the box. The whole point of a rootkit is to hide processes and files from these tools.
>
> Get some statically linked versions of these bins on to the server, and hope they haven't patched your kernel.
>    
See if you can get a binary of busybox which has those tools and they're 
all contained in the binary.  It should run from any folder.

http://busybox.net

Very handy.

--Curtis

References:
- Security Guideance
  - From: pstewart at nexicomgroup.net (Paul Stewart)
- Security Guideance
  - From: setient at gmail.com (Ronald Cotoni)
- Security Guideance
  - From: dwhite at olp.net (Dan White)
- Security Guideance
  - From: acv at miniguru.ca (acv)
- Security Guideance
  - From: nanog at daork.net (Nathan Ward)

Prev by Date: Security Guideance
Next by Date: Spamhaus...
Previous by thread: Security Guideance
Next by thread: Security Guideance
Index(es):
- Date
- Thread