12 Oct
2001
12 Oct
'01
04:41
* Eric Whiting;
I did a check of all /usr/bin /bin/ /sbin files. They all still have the same checksum as these files on a box in another safer world. (I used rsync -cnR -av -e ssh $SRC $DST to check these dirs) I did a manual scp/diff of netstat/ps/ls/strings. ^^^^^^^^^^^^^^^^
These would be the first to be replaced by an attacker AFAIK inorder to hide the files/directories he has installed. So unless you are using these utilities from a safe source I would not have trusted them. -- Togan Muftuoglu