Mailinglist Archive: opensuse-security (636 mails)

< Previous Next >
Re: [suse-security] server-check
  • From: Togan Muftuoglu <toganm@xxxxxxxx>
  • Date: Sat, 10 Feb 2001 13:48:05 +0200
  • Message-id: <3A852A75.23011C75@xxxxxxxx>
Thomas Lamy wrote:
> No, it's just your binaries are swapped with those from the root-kit, and
> these hide themselves... Get those binaries from a safe machine (better
> CD-ROM) into a temporary directory (for forensic analysis, do not overwrite
> any binaries nor reboot the machine!), and try it again with those safe
> binaries. You may also do an "rpm --verify -a > /tmp/some/file" to check the
> md5-hashes of all installed packages, to see if and which binaries on your
> sytem have been replaced by the attacker's root-kit.


Ok can I run these tools from my laptop connected to my the f....ed
machine via ethernet. ( I can use the live CD so those binaries on the
laptop machine will not have the possibility to be hacked

> Regards,
> Thomas
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: suse-security-unsubscribe@xxxxxxxx
> For additional commands, e-mail: suse-security-help@xxxxxxxx

Togan Muftuoglu

< Previous Next >
Follow Ups