Focus on IDS
rootkit and trojan hunting Mar 26 2008 06:05AM Return C (return c gmail com) (2 replies)
Re: rootkit and trojan hunting Mar 26 2008 06:34PM "Zow" Terry Brugger (zow acm org) (2 replies)
Re: rootkit and trojan hunting Mar 27 2008 11:11AM Nuno Treez (nunotreez gmail com) (1 reply)
Re: rootkit and trojan hunting Mar 27 2008 05:26PM "Zow" Terry Brugger (zow acm org) (1 reply)
>> I am developing a small host integrity scanner / checker, to hunt
>> rootkits and trojans. Of course, I need to add more methods /
>> techniques to detect. I am currently hashing out important files like
>> kernel, /boot dir and System.map files. Is there any other possible
>> way to code it better and any other suggestion would be really helpful
>> in my coding.
>
> Don't reinvent the wheel -- just use Tripwire.
> http://sourceforge.net/projects/tripwire/ for the open source version,
> or http://www.tripwire.com/products/ for the commercial version if you
> need something beefier. Based on what you've said in your message, it
> sounds like the open source version will work just fine.
>
> Cheers,
> Terry
>
Also worth mentioning are aide http://sourceforge.net/projects/aide ,
which does file integrity checking, and rkhunter and lynis
http://www.rootkit.nl/ , rkhunter checks the system for rootkits and
trojans and lynis checks for some configuration issues.
hth,
jeff
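
Added example, not part of the thread and not code from any poster or from Tripwire/AIDE: the baseline-and-compare approach the original poster describes (hashing the kernel, /boot and System.map), extended to also record mode, owner and size so a permission or ownership change is reported even when the content hash is unchanged. The function names and the temporary directory standing in for /boot are assumptions made for illustration.

```python
import hashlib, os, stat, tempfile

def snapshot(root):
    """Map each regular file under root to (sha256, mode, uid, gid, size)."""
    db = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue  # symlinks and special files are not hashed here
            digest = hashlib.sha256()
            with open(path, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    digest.update(chunk)
            db[os.path.relpath(path, root)] = (digest.hexdigest(),
                stat.S_IMODE(st.st_mode), st.st_uid, st.st_gid, st.st_size)
    return db

def compare(baseline, current):
    """Return (status, path) findings, sorted by path."""
    findings = []
    for path in sorted(set(baseline) | set(current)):
        if path not in current:
            findings.append(("removed", path))
        elif path not in baseline:
            findings.append(("added", path))
        elif baseline[path][0] != current[path][0]:
            findings.append(("content", path))
        elif baseline[path][1:] != current[path][1:]:
            findings.append(("metadata", path))
    return findings

def demo():
    """Constructed stand-in for /boot in a temp dir; returns the findings."""
    files = {"vmlinuz": b"kernel-image", "System.map": b"c0100000 T _text\n",
             "grub.cfg": b"default=0\n"}
    with tempfile.TemporaryDirectory() as root:
        def put(name, data):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
            os.chmod(os.path.join(root, name), 0o600)
        for name, data in files.items():
            put(name, data)
        baseline = snapshot(root)
        put("System.map", b"c0100000 T _TEXT\n")   # same size, new content
        put("extra.img", b"not in baseline")       # file that appeared later
        os.chmod(os.path.join(root, "grub.cfg"), 0o644)  # permission change
        return compare(baseline, snapshot(root))
```

Keep the baseline off the monitored host or on read-only media, since a baseline an intruder can rewrite proves nothing. A kernel-level rootkit can also return clean file contents to a scanner run on the live system, so run the comparison from trusted boot media where possible.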