[Plug-security] Once cracked
David A. Sinck
plug-security@lists.PLUG.phoenix.az.us
Sun, 9 Sep 2001 22:26:31 -0700
\_ SMTP quoth Craig White on 9/9/2001 11:41 as having spake thusly:
\_
\_ Assuming that you didn't use tripwire, on a system that uses rpm
\_ (Mandrake - RedHat) - you can try rpm -Va which should list all [...]
One of these hypothetical days, I'm going to take the best of breed
rootkits (loadable kernel modules, trojans, etc) and make a nice RPM
of all of them, so you can easily see if your rootkit is up-to-date
without effort.
rpm -Va rootkit
Which I would suppose would be shortly followed by
rpm -Va script-kiddie
The loadable kernel modules are really scary as a compromise. If you
can't trust the kernel, who can you trust?
David
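
The `rpm -Va` check from the quoted message, as an added example that is not part of the original thread: a triage pass over verify output that ranks content changes on non-config files first. The sample lines are constructed, and the example assumes the output was captured with a trustworthy rpm binary and kernel, which is exactly what the post above says a loadable-kernel-module compromise takes away.

```python
import re

# Letters rpm -V prints per failed check. Column count differs between rpm
# versions (8 or 9), so test for the letters rather than fixed positions.
FLAGS = {"S": "size", "M": "mode", "5": "digest", "D": "device", "L": "symlink",
         "U": "owner", "G": "group", "T": "mtime", "P": "capabilities"}
LINE = re.compile(r"^(?P<flags>[SM5DLUGTP.?]{8,9})\s+(?:(?P<attr>[cdglr])\s+)?(?P<path>/.*)$")
MISSING = re.compile(r"^missing\s+(?:[cdglr]\s+)?(?P<path>/.*)$")

# Constructed sample output, not taken from a real host.
SAMPLE = """\
S.5....T.  c /etc/ssh/sshd_config
..5....T.    /bin/ls
.M.......    /usr/bin/passwd
.......T.    /usr/lib/libfoo.so.1
missing      /usr/bin/lsof
S.5....T   /bin/ps
"""

def classify(line):
    """Return (severity, path, changes) for one rpm -V line, else None."""
    m = MISSING.match(line)
    if m:
        return ("high", m["path"], ["missing"])
    m = LINE.match(line)
    if not m:
        return None  # warnings and other non-result lines are skipped
    flags = m["flags"]
    changes = [name for ch, name in FLAGS.items() if ch in flags]
    if "?" in flags:
        changes.append("unreadable")  # rpm could not perform that test
    if m["attr"] == "c":
        sev = "low"      # config files are expected to be edited
    elif "5" in flags:
        sev = "high"     # file content differs from what the package shipped
    elif set(flags) & set("MUG?"):
        sev = "review"   # permission or ownership drift, or an unread file
    else:
        sev = "low"
    return (sev, m["path"], changes)

def triage(text):
    """Classify every line and return results sorted high, review, low."""
    order = {"high": 0, "review": 1, "low": 2}
    found = [r for r in map(classify, text.splitlines()) if r]
    return sorted(found, key=lambda r: order[r[0]])

if __name__ == "__main__":
    for sev, path, changes in triage(SAMPLE):
        print(f"{sev:6} {path}  ({', '.join(changes)})")
```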