Rootkits (Was: Re: [nflug] Another reason to not use M$ products...)

David W. Aquilina david at starkindler.us
Wed Nov 2 16:32:06 EST 2005


On Wed, Nov 02, 2005 at 04:23:22PM -0500, Frank Kumro wrote:
> Honestly I have never heard about any rootkits for linux. Are they
> open source too? Im not looking for the source to run them I just want
> a better understanding of them.
 
Breaking this off into its own thread...

Most rootkits do the same types of things regardless of the OS. The goals are often the same as well, mainly being to grant administrative access and to hide their own existence. One particular rootkit I've seen (called SucKIT) in the past worked by patching the running kernel via /dev/kmem, provided a root shell that could be connected to remotely, and could even hide that shell behind a port that was already being used by another process.

There are a couple of different utilities that can check for rootkits; the ones I'm mainly aware of are rootkit hunter (http://www.rootkit.nl/projects/rootkit_hunter.html) and chkrootkit (http://www.chkrootkit.org/).

I might have a copy of SucKIT around, but the last time I tried it didn't work on RHEL 3 or 2.6 kernels. 

-- 
David W. Aquilina
david at starkindler.us
_______________________________________________
nflug mailing list
nflug at nflug.org
http://www.nflug.org/mailman/listinfo/nflug
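Two of the consistency checks that tools like chkrootkit run, written out as an added example; this is not code from the post above and not the tools' own code. It assumes the Linux /proc layout (/proc/net/tcp, /proc/<pid>, /proc/<pid>/task). The /proc/net/tcp excerpt and the "what netstat reported" port set are constructed sample input, and the live functions only touch the real /proc when run as a script on a Linux host.

```python
"""Consistency checks of the kind chkrootkit and rkhunter perform on a live
Linux host. Added example; not code from the post or from either tool.
Assumes the Linux /proc layout and that the caller reduces `ss`/`netstat`
output to a set of listening ports. All sample input below is constructed.
"""
import os

TCP_LISTEN = "0A"  # st column value of a listening socket in /proc/net/tcp

# Constructed /proc/net/tcp excerpt: listeners on 22, 25 and 8080, plus one
# established connection (state 01) that the parser must ignore.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12345 1 0000000000000000 100 0 0 10 0
   1: 0100007F:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12346 1 0000000000000000 100 0 0 10 0
   2: 00000000:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12347 1 0000000000000000 100 0 0 10 0
   3: 0100007F:A1B2 0100007F:0016 01 00000000:00000000 00:00000000 00000000  1000        0 12348 1 0000000000000000 20 4 30 10 -1
"""

# Constructed "what netstat/ss printed" view: the 8080 listener is missing.
SAMPLE_TOOL_VIEW = {22, 25}


def listening_ports(proc_net_tcp_text):
    """Return the set of local ports in LISTEN state from /proc/net/tcp text."""
    ports = set()
    for line in proc_net_tcp_text.splitlines()[1:]:  # first line is the header
        fields = line.split()
        if len(fields) < 4 or fields[3] != TCP_LISTEN:
            continue
        # local_address is hex "IP:PORT"; only the port matters here
        ports.add(int(fields[1].split(":")[1], 16))
    return ports


def hidden_listeners(kernel_view, tool_view):
    """Ports the kernel table reports but a user-space tool did not show.
    A non-empty result means the tool (or a library it uses) is lying."""
    return set(kernel_view) - set(tool_view)


def hidden_pids(listed, probe, limit):
    """chkproc-style check: PIDs that readdir(/proc) did not list but that
    the kernel still answers for via stat(). `listed` must already contain
    thread IDs (/proc/<pid>/task/*): readdir never lists them but stat()
    resolves them, so every multi-threaded process would otherwise show up."""
    return {pid for pid in range(1, limit + 1)
            if pid not in listed and probe(pid)}


def live_listed_pids():
    """PIDs and thread IDs visible through readdir on the running host."""
    listed = {int(d) for d in os.listdir("/proc") if d.isdigit()}
    for pid in list(listed):
        try:
            listed |= {int(t) for t in os.listdir(f"/proc/{pid}/task")}
        except OSError:  # process exited between the two listings
            pass
    return listed


def live_hidden_pids():
    """Run the PID check against the real /proc, scanning up to pid_max."""
    with open("/proc/sys/kernel/pid_max") as f:
        pid_max = int(f.read())
    return hidden_pids(live_listed_pids(),
                       lambda p: os.path.exists(f"/proc/{p}"), pid_max)


if __name__ == "__main__":
    kernel = listening_ports(SAMPLE_PROC_NET_TCP)
    print("sample: listeners in /proc/net/tcp:", sorted(kernel))
    print("sample: not reported by the tool:",
          sorted(hidden_listeners(kernel, SAMPLE_TOOL_VIEW)))
    print("sample: hidden pids:", hidden_pids({1, 2}, lambda p: p in {1, 2, 3}, 5))
    if os.path.isdir("/proc/net"):
        print("live: pids answering stat() but absent from readdir:",
              sorted(live_hidden_pids()))
```

The live PID scan is a few million stat() calls on a modern pid_max, and a single PID that shows up once is usually just a process that started between the two listings, so rerun before drawing conclusions. Both checks only compare two user-space views; a rootkit that patches the running kernel through /dev/kmem, as the one described in the post does, controls both views, so agreement between them proves little. The comparison that still holds up is against a trusted boot medium.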
