LinuxQuestions.org

Unhide .spec (20100201 release)

Posted 02-27-2010 at 06:50 PM by unSpawn
Tags rpm, spec file

security-projects.com released version 2010/02/01 of Unhide, a forensic tool to find hidden processes and TCP/UDP ports by rootkits / LKMs or by another hidden technique. Here's a minimal spec if you want one:
Code:
# No debuginfo:
%define debug_packages	%{nil}
%define debug_package %{nil}

%define name unhide
# Version
%define ver 0.2
# Release
%define rel 1

%define _prefix /usr/local
%define _mandir /usr/local/share/man
...

Chkrootkit 0.49 modifications and notes

Posted 01-06-2010 at 06:03 PM by unSpawn
Tags chkrootkit

Chkrootkit 0.49 was released on 2009/07/30 and I sent some emails to the users mailing list and Nelson after it about changes. Realizing I never got word back I'll just post here. The patch below adds:
0) a new test called which utilizes '(/sbin/)ip' instead of 'ifconfig' because a sniffer (benign or malicious) does not need to have the interface in promiscuous mode (e.g.: 'ifconfig eth0 promisc && tcpdump -p -i any 2>&1>/dev/null &') and 'ip' detects and differentiates...

Rootkit Hunter 1.3.6 release

Posted 11-29-2009 at 11:53 AM by unSpawn

I'm pleased to announce the release of Rootkit Hunter version 1.3.6 (D/L link).

This release offers more ease of use (mainly through configuration options) and improved rootkit and malware checks. The change log lists 29 additions including 9 configuration options and details for 12 rootkits, 29 changes including improvements for 15 rootkit checks and 22 bugfixes. For more details please see the CHANGELOG. This release obsoletes all previous ones so please upgrade.

...

Rootkit Hunter 1.3.6 release imminent...

Posted 11-27-2009 at 05:45 PM by unSpawn
Updated 11-27-2009 at 05:50 PM by unSpawn

Us devs decided it's about time. Expect the 1.3.6 release this weekend...

For notable features see the changelog.
Rating: 2 votes, 5.00 average.

Logwatch, webserver logs, PHP malarky

Posted 10-03-2009 at 05:52 AM by unSpawn
Updated 04-01-2012 at 05:18 PM by unSpawn (//Enhanced logwatch/scripts/services/http diff, added Snort ET SID 2010920 rule and fail2ban regex example, fixed commas (thanks leslie_jones).)
Tags logwatch, patch, php

As I'm seeing more questions about (badly coded) web applications spawning rogue processes I wonder why people don't read their logs. Attacks require reconnaissance so keeping an eye on anything that looks like a prelude enables you to take measures. And please spend time updating when updates are released, installing apps properly (like not leaving the installation files around when docs remind you not to), hardening (any IDS, mod_security, Gotroot rulesets, mod_evasive or equivalent, PHPIDS, Suhosin,...

  



All times are GMT -5. The time now is 03:04 PM.
