Welcome to the most active Linux Forum on the web.
Go Back > Forums > Linux Forums > Linux - Security
User Name
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.


  Search this Thread
Old 10-11-2010, 10:47 AM   #1
Senior Member
Registered: May 2008
Distribution: Slackware
Posts: 1,052

Rep: Reputation: 70
Where are good places to check for backdoors...

rc.scripts, cron jobs, what else?

Can hidden files be executed simply by going to a directory that has that hidden file inside it?
Old 10-11-2010, 11:29 AM   #2
Registered: Nov 2004
Location: San Bernardino, CA
Distribution: Gentoo, Arch, (RedHat4.x-9.x, FedoraCore 1.x-4.x, Debian Potato-Sarge, LFS 6.0, etc.)
Posts: 261

Rep: Reputation: 52
  1. No, just going into the directory that has a hidden (READ: dot ['.']) file does not execute that hidden file.
  2. Another place to check for hidden processes would be the PID folders under /proc and comparing them to the output of 'ps ax ' run as root to see if you have something running that isn't showing in the process list.
  3. Have you tried running 'rkhunter' or 'chkrootkit' on the system in question?

HTH. Let us know.
Old 10-11-2010, 11:42 AM   #3
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3599Reputation: 3599Reputation: 3599Reputation: 3599Reputation: 3599Reputation: 3599Reputation: 3599Reputation: 3599Reputation: 3599Reputation: 3599Reputation: 3599
BTW, is there any specific reason that makes you ask all of this?
Old 10-11-2010, 03:14 PM   #4
Registered: May 2005
Location: Northern VA
Distribution: Slackware, Ubuntu, FreeBSD, OpenBSD, OS X
Posts: 782
Blog Entries: 8

Rep: Reputation: 158Reputation: 158
The CERT Checklist may help.

In fact, there's the Security References thread that may have tidbits of information that could point you in the proper direction.
Old 10-11-2010, 03:26 PM   #5
Senior Member
Registered: May 2008
Distribution: Slackware
Posts: 1,052

Original Poster
Rep: Reputation: 70
Thanks guys. I'd like to get a better handle on security and I wanted to see where to check for any suspicious files.
Old 10-11-2010, 04:03 PM   #6
LQ Newbie
Registered: Oct 2010
Posts: 25

Rep: Reputation: 2
Well, generally, a backdoor is a process that enables remote access. You might use the netstat command to list the listening ports (e.g. netstat -l).
Of course, there could be a rootkit too, that has forged the netstat command to hide the backdoor port entry, so one have to be sure, that netstat is really what You expect it to be.


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Where Are Some Good Places To Learn Command Lines NiCK_NaME Linux - Newbie 8 11-26-2008 08:52 AM
LXer: Quickly check for potential root-exploitable programs and backdoors. LXer Syndicated Linux News 0 10-31-2007 01:50 PM
Good places to buy distro cd's? thewonka General 17 12-17-2005 03:03 PM
BackDoors xowl Linux - Security 2 09-27-2005 04:16 PM
Trojans or backdoors? linuxgamer Linux - Newbie 7 01-04-2004 09:42 PM > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 07:53 AM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration