Carlos E. R. said the following on 01/04/2013 08:21 AM:
On 2013-01-04 at 09:20 +0200, ellanios82 wrote:
- excuse my lack of knowledge... can you please give an example of how to use and compare MD5 sums for the purpose of rootkit forensics?
There is a technique by which you record signatures of files at a time when you know they are correct, and later you compare them to see that there was no modification. Used properly it is very reliable.
For example, tripwire (http://linux.about.com/cs/linux101/g/tripwire.htm), which has been around for a long time (over 20 years) and has a commercial counterpart for the Big Iron folk who need a commercial/supported version.

http://en.wikipedia.org/wiki/Open_Source_Tripwire
http://www.tripwire.com/

Of course you can always find ways to mount the system read only :-)
(Mind you, that was easier before root and usr were merged!)

--
Production is not the application of tools to materials, but logic to work.
--Peter F. Drucker

--
To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org
To contact the owner, e-mail: opensuse+owner@opensuse.org
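An added worked example of the record-then-compare technique described in the thread (not code from the thread or from Tripwire): it records a baseline of content hashes plus size, mode and owner for every file under a directory, then reports what was added, removed or changed. It uses SHA-256 instead of MD5, and the directory layout and the tampering steps in `demo()` are constructed for illustration.

```python
"""Baseline-and-compare file integrity check, in the spirit of Tripwire."""
import hashlib
import tempfile
from pathlib import Path


def fingerprint(path: Path) -> dict:
    """Hash the content and record metadata that tampering often alters."""
    st = path.lstat()
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            h.update(chunk)
    return {"sha256": h.hexdigest(), "size": st.st_size,
            "mode": st.st_mode, "uid": st.st_uid}


def build_baseline(root: Path) -> dict:
    """Fingerprint every regular file under root, keyed by relative path."""
    return {p.relative_to(root).as_posix(): fingerprint(p)
            for p in sorted(root.rglob("*"))
            if p.is_file() and not p.is_symlink()}


def compare(baseline: dict, current: dict) -> dict:
    """Report files added, removed or changed since the baseline was taken."""
    report = {"added": sorted(set(current) - set(baseline)),
              "removed": sorted(set(baseline) - set(current)),
              "changed": {}}
    for name in sorted(set(baseline) & set(current)):
        diffs = [k for k in baseline[name] if baseline[name][k] != current[name][k]]
        if diffs:
            report["changed"][name] = diffs
    return report


def demo() -> dict:
    """Constructed scenario: take a baseline of a known-good tree, then
    overwrite one file, drop in a hidden file and delete another."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        (root / "bin" / "ls").write_bytes(b"#!/bin/sh\nexec /usr/bin/ls \"$@\"\n")
        (root / "bin" / "ps").write_bytes(b"original ps\n")
        (root / "etc.conf").write_text("keep=1\n")
        baseline = build_baseline(root)          # store this off-host in practice
        (root / "bin" / "ls").write_bytes(b"tampered ls\n")
        (root / "bin" / ".hidden").write_bytes(b"x")
        (root / "etc.conf").unlink()
        return compare(baseline, build_baseline(root))


if __name__ == "__main__":
    print(demo())
```

The comparison is only as trustworthy as the stored baseline, which is why the post's suggestion of read-only media matters: keep the baseline where an intruder on the host cannot rewrite it.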