Security Guidance

Curtis Maurand cmaurand at xyonet.com
Wed Feb 24 13:03:23 UTC 2010


On 2/23/2010 5:38 PM, Nathan Ward wrote:
> Using lsof, netstat, ls, ps, looking through proc with ls, cat, etc. is likely to not work if there's a rootkit on the box. The whole point of a rootkit is to hide processes and files from these tools.
>
> Get some statically linked versions of these bins on to the server, and hope they haven't patched your kernel.
>    
See if you can get a binary of busybox which has those tools and they're 
all contained in the binary.  It should run from any folder.

http://busybox.net

Very handy.

--Curtis
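
The cross-check suggested in this thread, as an added example that is not part of the original posts: compare the PIDs reported by the installed `ps` with the PIDs a statically linked busybox sees in `/proc`. The busybox path and the function names are assumptions, and as the quoted message notes, a rootkit that has patched the kernel will fool both views.

```shell
#!/bin/sh
# Added example: cross-view process check (installed tools vs. static busybox).
# BUSYBOX is an assumed path to a static busybox copied from trusted media.
BUSYBOX="${BUSYBOX:-/mnt/trusted/busybox}"

# hidden_pids SYSTEM_LIST TRUSTED_LIST
# Each file holds one PID per line. Prints PIDs that appear in the trusted
# view but are missing from the system view.
hidden_pids() {
    sort -u "$1" > "$1.sorted"
    sort -u "$2" > "$2.sorted"
    comm -13 "$1.sorted" "$2.sorted"
    rm -f "$1.sorted" "$2.sorted"
}

# PIDs as reported by the installed (possibly trojaned) ps.
system_view() { ps -e -o pid= | tr -d ' '; }

# PIDs as seen by the static busybox listing /proc directly.
trusted_view() { "$BUSYBOX" ls /proc | grep -E '^[0-9]+$'; }

# Run both views on the live host and print PIDs only busybox can see.
live_check() {
    tmp=$(mktemp -d) || return 1
    system_view > "$tmp/sys"
    trusted_view > "$tmp/trusted"
    hidden_pids "$tmp/sys" "$tmp/trusted" | while read -r pid; do
        # Drop short-lived processes (including the helpers started above)
        # that exited between the two snapshots.
        "$BUSYBOX" test -d "/proc/$pid" && echo "$pid"
    done
    rm -rf "$tmp"
}

# Constructed sample data: PID 4242 is absent from the system view.
demo() {
    tmp=$(mktemp -d) || return 1
    printf '%s\n' 1 402 873 1500 > "$tmp/sys"
    printf '%s\n' 1 402 873 1500 4242 > "$tmp/trusted"
    hidden_pids "$tmp/sys" "$tmp/trusted"
    rm -rf "$tmp"
}
```

A PID printed by `live_check` may also be a process that started between the two snapshots, so run it again before treating the result as a finding.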



