On 4/16/06, George Toft <
george@georgetoft.com> wrote:
>
> To preclude a rootkit, you can always boot the box using Knoppix, then
> mount the suspect disk and look at /etc/shadow.
>
Unless it's a kernel-mode rootkit, in which case it more than likely
wouldn't use /etc/shadow.
---------------------------------------------------
PLUG-discuss mailing list -
PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change you mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
(text/plain)