Detecting Rootkits In GNU/Linux

Detecting Rootkits In GNU/Linux 142

Posted by kdawson on Monday December 18, 2006 @04:19PM from the watching-your-back dept.

An anonymous reader sends note of a blog post on rootkit detection in GNU/Linux. The article mentions only two utilities for ferreting out rootkits — the first comment to the blog post lists three additional ones — but it could be useful for those who haven't thought about the problem much. From the article: "A rootkit... is a collection of tools that a cracker installs on a victim's computer after gaining initial access. It generally consists of log cleaning scripts and trojaned replacements of core system utilities such as ps, top, ifconfig and so on."

Detecting Rootkits In GNU/Linux

This discussion has been archived. No new comments can be posted.

Search 142 Comments Log In/Create an Account

Comments Filter:

Ah! No need for rootkit detector... (Score:5, Funny)

by Rosco P. Coltrane ( 209368 ) writes: on Monday December 18, 2006 @04:24PM (#17291108)

... with the Internet Freedom Disk [slashdot.org]!

Pish Posh (Score:5, Funny)

by eno2001 ( 527078 ) writes: on Monday December 18, 2006 @04:26PM (#17291136) Homepage Journal

It's GNU/Linux. Any hacker worth his salt doesn't want to bother with archaic OSes based on Unix. He wants the 1337 stylings of Windows Vista. No sense in rootkitting a *nix box. You can't do anything with a *nix box. But an army of zombie Vista PCs, now THAT is ULTIMATE POWER!

Re:Ah! No need for rootkit detector... (Score:2, Funny)

by Anonymous Coward writes: on Monday December 18, 2006 @04:33PM (#17291234)

... with the Internet Freedom Disk!
First it was "freedom fries," and now they've gone and corrupted what was once a perfectly fine Internet French Disk with their misplaced patriotism.

Yes, but... (Score:5, Funny)

by Darlantan ( 130471 ) writes: on Monday December 18, 2006 @04:36PM (#17291268)

You have your l33t ninja with his army of zombie Windows boxes... ...but how do they stack up to the *nix pirates, and their FTPs on the seven seas of the intarwebs? It's the classic clashes, modernized. Who has the REAL Ultimate Power?

I like to leave this up to the FBI (Score:5, Funny)

by Timesprout ( 579035 ) writes: on Monday December 18, 2006 @04:39PM (#17291324)

When the dark suits turn up on my doorstep with an arrest warrant on charges of attempting to crack confidential government sites I can be pretty sure my machine has been rooted.

Re:ifl (Score:5, Funny)

by stoolpigeon ( 454276 ) * writes: <bittercode@gmail> on Monday December 18, 2006 @04:44PM (#17291392) Homepage Journal

i have no idea. i've never used any of them. this is a joke gone completely wrong. i just copied and pasted the comment from over at tfa. hence my subject: ifl (it's funny laugh). i figured it'd end up troll, over-rated, but i got such a laugh out of doing it (sorry i'm easily amused) that i figured it was worth it. in what is a horrid twist of fate, i now feel bad for getting modded up.

Re:This is... (Score:4, Funny)

by diegocgteleline.es ( 653730 ) writes: on Monday December 18, 2006 @04:54PM (#17291544)

Real men and real hackers write their programs in binary code, not in stupid and bloated assembler.

Re:Read Only Drives (Score:3, Funny)

by computational super ( 740265 ) writes: on Monday December 18, 2006 @04:56PM (#17291562)

Yeah, there's a program you can run to flip them whenever you need to. I had to install it SUID root though.

Meh, I don't trust those tools (Score:5, Funny)

by straponego ( 521991 ) writes: on Monday December 18, 2006 @05:07PM (#17291730)

I just eyeball /proc/kcore for anything suspicious every day or so.

Re:This is... (Score:1, Funny)

by Anonymous Coward writes: on Monday December 18, 2006 @05:37PM (#17292220)

Cuz people who are looking to install rootkits on your computer are very respectful of copywrite law.

Re:This would have been more appropriate: (Score:3, Funny)

by Linker3000 ( 626634 ) writes: on Monday December 18, 2006 @09:17PM (#17295216) Journal

Hey, AC, There's a guy on the phone for you - says he's from SCO and he'd like a quick word.

The tables have turned, Mr. Bond... (Score:2, Funny)

by RealGrouchy ( 943109 ) writes: on Monday December 18, 2006 @11:57PM (#17296364)

Joke's on you, Linux boys (and girls?)!

I don't have to worry about this. I use Windows!

Oh wait...

- RG>

There may be more comments in this discussion. Without JavaScript enabled, you might want to turn on Classic Discussion System in your preferences instead.

Detecting Rootkits In GNU/Linux 142

Detecting Rootkits In GNU/Linux More Login

Detecting Rootkits In GNU/Linux

Ah! No need for rootkit detector... (Score:5, Funny)

Pish Posh (Score:5, Funny)

Re:Ah! No need for rootkit detector... (Score:2, Funny)

Yes, but... (Score:5, Funny)

I like to leave this up to the FBI (Score:5, Funny)

Re:ifl (Score:5, Funny)

Re:This is... (Score:4, Funny)

Re:Read Only Drives (Score:3, Funny)

Meh, I don't trust those tools (Score:5, Funny)

Re:This is... (Score:1, Funny)

Re:This would have been more appropriate: (Score:3, Funny)

The tables have turned, Mr. Bond... (Score:2, Funny)

Related Links Top of the: day, week, month.

Slashdot Top Deals

Slashdot