identifying files found by rkhunter

Edward Norton r00t3d at gmail.com
Fri Aug 4 23:03:05 MST 2006


  As an afterthought, what I would recommend, is taking a look at Zeppoo(
zeppoo.net). FYI, zeppoo is 2.6 only.

>From the docs:
"Zeppoo allows you to detect rootkits on the i386 architecture under Linux
by using /dev/kmem and /dev/mem. It can also detect hidden tasks, modules,
syscalls, some corrupted symbols, and hidden connections. Anti-Rootkits
which don't use these methods can be fooled easily."

Also of interest,

Bypassing Chkrootkit(translated):
http://translate.google.com/translate?u=http%3A%2F%2Fwww.zeppoo.net%2Farticles%2FBypasserChkrootkit&langpair=fr%7Cen&hl=en&ie=UTF-8&oe=UTF-8&prev=%2Flanguage_tools
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.plug.phoenix.az.us/pipermail/plug-discuss/attachments/20060804/c5f96716/attachment.htm


More information about the PLUG-discuss mailing list