LinuxQuestions.org
03-22-2005, 03:07 AM   #1
Bruce Hill
HCL Maintainer
 
Registered: Jun 2003
Location: Tupelo, MS
Distribution: Gentoo
Posts: 6,926

Is this "system integrity test" really valid


In looking through some old threads I came across a post that said:

Quote:
A good test of your system's integrity is:

ls -blaRt /dev |grep "^-"

There should only be a MAKEDEV file in the output. If you have more, your system is most likely compromised.

I've run it on this, my main box, and 3 other boxen so far. All but my
main system here only returned MAKEDEV* and README.MAKEDEV,
but this box returned a lot of screens of output, similar to:
[code]-rw-r--r-- 1 root root 43 2005-03-22 15:54 class\@graphics\@fb0
-rw-r--r-- 1 root root 44 2005-03-22 15:54 class\@input\@mice
-rw-r--r-- 1 root root 36 2005-03-22 15:54 class\@mem\@zero
-rw-r--r-- 1 root root 36 2005-03-22 15:54 class\@mem\@kmem
-rw-r--r-- 1 root root 36 2005-03-22 15:54 class\@mem\@kmsg
-rw-r--r-- 1 root root 34 2005-03-22 15:54 class\@mem\@mem
-rw-r--r-- 1 root root 36 2005-03-22 15:54 class\@mem\@null
-rw-r--r-- 1 root root 36 2005-03-22 15:54 class\@mem\@port
-rw-r--r-- 1 root root 40 2005-03-22 15:54 class\@mem\@random
-rw-r--r-- 1 root root 42 2005-03-22 15:54 class\@mem\@urandom
-rw-r--r-- 1 root root 36 2005-03-22 15:54 class\@mem\@full
-rw-r--r-- 1 root root 38 2005-03-22 08:27 class\@usb\@lp0
-rw-r--r-- 1 root root 40 2005-03-22 07:54 class\@vc\@vcs7
-rw-r--r-- 1 root root 43 2005-03-22 07:54 class\@vc\@vcsa7
-rw-r--r-- 1 root root 43 2005-03-22 07:54 class\@vc\@vcsa5
-rw-r--r-- 1 root root 40 2005-03-22 07:54 class\@vc\@vcs5
-rw-r--r-- 1 root root 43 2005-03-22 07:54 class\@vc\@vcsa6
-rw-r--r-- 1 root root 40 2005-03-22 07:54 class\@vc\@vcs6
-rw-r--r-- 1 root root 43 2005-03-22 07:54 class\@vc\@vcsa3
-rw-r--r-- 1 root root 40 2005-03-22 07:54 class\@vc\@vcs3
-rw-r--r-- 1 root root 43 2005-03-22 07:54 class\@vc\@vcsa4
-rw-r--r-- 1 root root 40 2005-03-22 07:54 class\@vc\@vcs4
-rw-r--r-- 1 root root 43 2005-03-22 07:54 class\@vc\@vcsa2
-rw-r--r-- 1 root root 40 2005-03-22 07:54 class\@vc\@vcs2
-rw-r--r-- 1 root root 48 2005-03-22 07:54 class\@sound\@adsp
-rw-r--r-- 1 root root 51 2005-03-22 07:54 class\@sound\@audio
-rw-r--r-- 1 root root 45 2005-03-22 07:54 class\@sound\@dsp
-rw-r--r-- 1 root root 51 2005-03-22 07:54 class\@sound\@mixer
-rw-r--r-- 1 root root 48 2005-03-22 07:54 class\@input\@mouse0
-rw-r--r-- 1 root root 52 2005-03-22 07:54 class\@sound\@controlC0
-rw-r--r-- 1 root root 50 2005-03-22 07:54 class\@sound\@pcmC0D0c
-rw-r--r-- 1 root root 38 2005-03-22 07:54 class\@sound\@midi
-rw-r--r-- 1 root root 50 2005-03-22 07:54 class\@sound\@pcmC0D0p
-rw-r--r-- 1 root root 50 2005-03-22 07:54 class\@sound\@pcmC0D1c
-rw-r--r-- 1 root root 50 2005-03-22 07:54 class\@sound\@pcmC0D2c
-rw-r--r-- 1 root root 50 2005-03-22 07:54 class\@sound\@pcmC0D2p
-rw-r--r-- 1 root root 42 2005-03-22 07:54 class\@sound\@dmmidi
-rw-r--r-- 1 root root 50 2005-03-22 07:54 class\@sound\@midiC0D0
-rw-r--r-- 1 root root 40 2005-03-22 07:54 class\@sound\@amidi
-rw-r--r-- 1 root root 50 2005-03-22 07:54 class\@sound\@midiC0D1
-rw-r--r-- 1 root root 46 2005-03-22 07:54 class\@sound\@hwC0D0
-rw-r--r-- 1 root root 44 2005-03-22 07:54 class\@sound\@admmidi
-rw-r--r-- 1 root root 44 2005-03-22 07:54 class\@sound\@timer
-rw-r--r-- 1 root root 45 2005-03-22 07:54 class\@nvidia\@nvidia0
-rw-r--r-- 1 root root 49 2005-03-22 07:54 class\@nvidia\@nvidiactl
-rw-r--r-- 1 root root 43 2005-03-22 07:54 class\@vc\@vcsa1
-rw-r--r-- 1 root root 40 2005-03-22 07:54 class\@vc\@vcs1
mingdao@james:~$
[/code]
I'm going to boot with my Knoppix-STD and run chkrootkit, but I just
wanted to know if anyone can verify this information?

Of these 4 boxen, there are 3 Slack-10.1 and one Slack-10.0 machine.
This one has a 2.6.11.5 kernel I compiled today - all others have 2.4.x
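
The quoted check greps `ls -R` output, which drops the directory each regular file was found in. As an added example (not part of the thread; the function names are hypothetical), here is the same regular-file test done with `find`, keeping full paths and counting hits per directory, exercised on a constructed sample tree rather than a real /dev:

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# Print every regular file under ROOT with its full path, skipping basenames
# given as extra arguments (for example MAKEDEV README.MAKEDEV).
dev_regular_files() {
    root=$1
    shift
    # -type f selects what grep "^-" selects from ls -l; -xdev stays on
    # ROOT's own filesystem. Paths containing newlines are not handled.
    find "$root" -xdev -type f 2>/dev/null | LC_ALL=C sort |
    while IFS= read -r path; do
        base=${path##*/}
        skip=0
        for ok in "$@"; do
            if [ "$base" = "$ok" ]; then skip=1; fi
        done
        if [ "$skip" -eq 0 ]; then printf '%s\n' "$path"; fi
    done
}

# Count the reported files per parent directory, so many screens of output
# collapse to one line per location: "<count> <directory>".
dev_regular_summary() {
    dev_regular_files "$@" | sed 's|/[^/]*$||' |
        awk '{ n[$0]++ } END { for (d in n) print n[d], d }' |
        LC_ALL=C sort -k2
}

# Constructed sample tree standing in for /dev (no real device nodes needed).
build_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/.db" "$t/pts"
    : > "$t/MAKEDEV"
    : > "$t/README.MAKEDEV"
    : > "$t/.db/class@mem@zero"   # constructed names in a hidden subdirectory
    : > "$t/.db/class@mem@null"
    : > "$t/stray.tgz"            # constructed unexpected file at top level
    mkfifo "$t/initctl"           # non-regular entry: must not be reported
    ln -s pts "$t/link"           # symlink: must not be reported
    printf '%s\n' "$t"
}
```

On a live system the call would be `dev_regular_summary /dev MAKEDEV README.MAKEDEV`, followed by `dev_regular_files` with the same arguments to see the individual paths.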
 
03-22-2005, 04:32 AM   #2
Thoreau
Senior Member
 
Registered: May 2003
Location: /var/log/cabin
Distribution: All
Posts: 1,167

No. That's just dumb. Run the check rootkit.
 
03-22-2005, 04:34 AM   #3
Bruce Hill
HCL Maintainer
 
Registered: Jun 2003
Location: Tupelo, MS
Distribution: Gentoo
Posts: 6,926

Original Poster
I ran it with Knoppix, and it seems to be okay. However, I really
don't understand how to read all of it...
 
  

