> I am developing a small host integrity scanner / checker, to hunt
> rootkits and trojans. Of course, I need to add more methods /
> techniques to detect. I am currently hashing out important files like
> kernel, /boot dir and System.map files. Is there any other possible
> way to code it better and any other suggestion would be really helpful
> in my coding.
Don't reinvent the wheel -- just use Tripwire.
http://sourceforge.net/projects/tripwire/ for the open source version,
or http://www.tripwire.com/products/ for the commercial version if you
need something beefier. Based on what you've said in your message, it
sounds like the open source version will work just fine.
Cheers,
Terry
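
The baseline-and-compare check that file integrity tools such as Tripwire are built around, as an added example; it is not code from this thread or from Tripwire, and the names `snapshot`, `compare` and `FIELDS` are hypothetical. It records ownership, mode and size alongside the hash, so a permission change on a file such as System.map is reported even when the content is untouched.

```python
import hashlib
import os
import stat

# Attributes compared between baseline and current scan (hypothetical schema).
FIELDS = ("sha256", "mode", "uid", "gid", "size")

def _sha256(path, chunk=1 << 16):
    """Hash a file in chunks so large kernel images are not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def snapshot(root):
    """Map each regular file under root (by relative path) to its hash and metadata."""
    db = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            st = os.lstat(full)                  # lstat: do not follow symlinks
            if not stat.S_ISREG(st.st_mode):
                continue                         # skip symlinks, devices, sockets
            db[os.path.relpath(full, root)] = {
                "sha256": _sha256(full),
                "mode": stat.S_IMODE(st.st_mode),  # includes setuid/setgid bits
                "uid": st.st_uid,
                "gid": st.st_gid,
                "size": st.st_size,
            }
    return db

def compare(baseline, current):
    """Report added and removed paths, and for changed paths which fields differ."""
    report = {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "changed": {},
    }
    for path in sorted(set(baseline) & set(current)):
        diff = [f for f in FIELDS if baseline[path][f] != current[path][f]]
        if diff:
            report["changed"][path] = diff
    return report
```

The baseline returned by `snapshot` is only trustworthy if it is stored where the scanned host cannot rewrite it, for example on read-only or off-host media. A scanner running on a live system also sees only what the running kernel reports, so comparing from known-good boot media gives a stronger result.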