On Wed, 6 Jun 2001, Davis, Scott wrote:

> I am in the process of writing a Perl script that will look for known root
> kits on *nix systems.
> A) Does anyone know if this script already exists? (Don't want to
> invent the wheel a second time)

There are a couple. "chkrootkit" is specific to various rootkits, and "ramenfind" is geared more towards Linux worm detection/cleanup.

> B) Does anyone know a site that has all of the known r00t kits
> listed and what files to look for?

I don't know of one that claims to have *all known* rootkits (especially not trivial variants). I just updated some links in the following paper, which should help you:

http://staff.washington.edu/dittrich/misc/faqs/rootkits.faq

--
Dave Dittrich                           Computing & Communications
dittrichat_private                      University Computing Services
http://staff.washington.edu/dittrich    University of Washington
PGP key      http://staff.washington.edu/dittrich/pgpkey.txt
Fingerprint  FE 97 0C 57 08 43 F3 EB 49 A1 0C D0 8E 0C D0 BE C8 38 CC B5

This archive was generated by hypermail 2b30 : Wed Jun 06 2001 - 16:04:47 PDT