This is the comment you were replying to, attached to the article Question: Has My Box Been compromised?:


Re: Question: Has My Box Been compromised?
Posted by Steve (82.41.xx.xx) on Wed 20 Jul 2005 at 16:58

I think most of the LiveCDs are much the same for this purpose. Whilst I could be mistaken, most of the LiveCDs which I've previously seen which are targeted at "security use" have been more focussed upon scanning remote machines via nessus, etc, rather than detecting security issues upon their host machine.

Whilst there are variations between the software packages included on various CDs, mostly this will include software which you don't care about; browsers, office programs, etc.

If you believe that you have been compromised the obvious things to check are the system processes and the system logs - although the former might have been wiped, and the latter will be no good if you've rebooted.

Using a LiveCD the most important tools will be the filesystem scanners, but if you don't have a known good collection of checksums/hashes they're not going to be terribly effective.

You might be able to detect "strangely named" files, which rootkit detectors frequently flag such as "...", or ".. " - but detecting new kernel modules, or changed binaries will be a little bit more challenging.

There are checksums you can use in /var/lib/dpkg/info/*.md5sums, however checking those will involve some simple scripting - and you might not trust those either.

Steve
-- Steve.org.uk
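A minimal version of the "simple scripting" the comment mentions, added here as an example (it is not code from the original comment or from the site): it checks installed files against the lists in /var/lib/dpkg/info/*.md5sums and lists the dot/space-only names rootkit checkers flag. It assumes a root directory argument (e.g. a mounted disk under a LiveCD) containing the usual Debian layout; the trust caveat stands, since the .md5sums lists live on the same disk.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes dpkg's .md5sums
# format: "<md5>  <path relative to />" per line, under $root.

# Print "MISMATCH <path>" or "MISSING <path>" for each entry in one
# .md5sums file whose on-disk content under $root no longer matches.
verify_md5sums() {
    md5file=$1; root=${2:-/}
    while read -r sum rel; do
        [ -n "$sum" ] || continue
        f="$root/$rel"
        if [ ! -f "$f" ]; then
            echo "MISSING $rel"
        elif [ "$(md5sum < "$f" | cut -d' ' -f1)" != "$sum" ]; then
            echo "MISMATCH $rel"
        fi
    done < "$md5file"
}

# Run the check for every package list found under $root.
# Note: the lists are only as trustworthy as the disk they sit on; a
# copy taken from a known-good install is the better reference.
verify_all() {
    root=${1:-/}
    for m in "$root"/var/lib/dpkg/info/*.md5sums; do
        [ -e "$m" ] || continue
        verify_md5sums "$m" "$root"
    done
}

# List paths whose last component is made only of dots and spaces
# (e.g. "..." or ".. "), or starts/ends with whitespace, under $dir.
find_odd_names() {
    dir=$1
    find "$dir" -print | awk -F/ '
      { n=$NF }
      n ~ /^[. ]+$/ && n != "." && n != ".." { print $0; next }
      n ~ /^[[:space:]]/ || n ~ /[[:space:]]$/ { print $0 }'
}
```

The debsums package automates the same md5sums comparison for an installed system.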
