Challenge: How Did These Processes Get Here?

Thursday, 28 November 2002, 1:07 PM EST

Every now and then I like to issue challenges to my readers. This week you have another chance to test your wits against a problem, but the rewards are higher. Instead of a measly postcard, the winner will get a copy of Hacking Linux Exposed, Second Edition. I'll pick the winner from those who figure out the problem, based on the quality of the analysis of the problem described below. Anyway, onto the problem.

A user wrote me in a exasperated state. His machine had been cracked (his root password was less than stellar) and the cracker had installed various user-level rootkits and software. He had done a good job of removing the rootkits and cracking tools. When booting off CD (thus with no chance for any kernel modifications) he could see that there was nothing left that hadn't been accounted for. All the /etc/rc?.d directories were as they should be, no suspicious entries in /etc/xinetd.conf or /etc/xinetd.d.

He had no file integrity tools on this system (Tripwire, AIDE, etc) but he did verify each and every file that had a modification date and/or change date from the time the cracker entered, and nothing suspicious was in them.

[ Read more ]




Spotlight

Review: Bulletproof SSL and TLS

Posted on 12 September 2014.  |  Deploying SSL or TLS in a secure way is a great challenge for system administrators. This book aims to simplify that challenge by offering extensive knowledge and good advice - all in one place.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Mon, Sep 15th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //