Linux - Security. This forum is for all security-related questions. Questions, tips, system compromises, firewalls, etc. are all included here.
That's beautiful. Like Hallmark card beautiful, really.
That left me wondering if "Hallmark card beautiful" is a qualitatively better or worse description compared to a "Kodak moment". What's more, it makes me wonder what the counterpart to all this should be. It is not without reason that the ancient Greeks (are supposed to have) said, "beauty is not without terror".
Whatever happened to Mr. Wind? lol
After his incursion at 07:54:00 AM UTC he wandered off the LZ at +600.
He's MIA ever since.
You really should write to Reader's Digest...they have a page for people like you
I'm afraid I haven't got time to write quality articles for your favourite magazine, I'm sorry.
hmmm, what if he/she wanted to take up some security practices and learn how to attack/defend his own boxes? In which case there's nothing wrong with asking where to find a rootkit with the proper explanation. If it's for malicious purposes, then I hope you find what you're looking for and I also hope the feds/whoever find who they are looking for as well when you mess up
hmmm, what if he/she wanted to take up some security practices and learn how to attack/defend his own boxes?
Wrt our userbase:
I. See the LQ rules. #9 IIRC.
II. Using LRK's isn't in the newbie and intermediate security "best practices" AFAIK. It's deliberately degrading security and we do not promote that.
III. The stuff isn't impossible to find. If you can't find the info then I'm asserting you don't know zilch about security as well. If you don't know zilch about security then I assert you won't be using LRK's responsibly either.
IV. If you're gonna play with LRK's, do it in a controlled test env. Using it to "test" a live box is irresponsible and has *nothing* to do with security.
Usually it ends with me closing these types of threads and giving the member a chance to convince me by email that their requests are legit. This time I tried to DoS the thread :-]
Sorry for resurrecting, I found this link on a post in another thread that got closed.
I understand the desire - I used to be a recent Windows convert and wannabe hacker too. Two things though:
a) Rootkits aren't illegal, but installing them on someone else's machine is highly illegal. For example, if I want to make a rootkit just for the fun of it, that's fine so long as I only put it on my machine. If you want to do some sort of thing where you let others use a computer you own to check their e-mail and such (like a public computer terminal at your business or something) that's fine - IF you make sure they are told that you are watching what they're doing, otherwise you're looking for a lawsuit.
It's a federal offense to put a rootkit (or keylogger, or any other such malicious software) on someone else's computer without them knowing and approving.
b) It's not easy. In Linux, major vulnerabilities are patched up pretty quickly, especially any holes big enough to let you sneak in a whole rootkit. Debian, Red Hat, SuSE, etc. all have solid distribution setups that allow admins to update all software quickly and fairly painlessly - and are set up in such a way that these updates go out to everyone, and real quick too. Since on many setups all software on the system comes from these repositories, that means that all software stays fairly well-patched on most systems. Also, most Linux/UNIX people tend to have more knowledge about and interest in computer security than Windows or Mac users.
So you'll have a tough time finding a computer you can get into unless you've found a server with an admin who got lazy on updates, or you found a glitch in the latest patch of a given software.
If all that didn't turn you off to the idea, know this: programming-wise, it's not easy to make a rootkit. The reason they're so potentially dangerous is that they're sneaky and obtrusive. They mimic the capabilities of other software to go undetected, so they don't break any system software that depended on whatever program they just replaced, and in order to be obtrusive they try to do this to common software that is used by the system and kept running 24/7. They do whatever they need/want to get whatever data they're collecting, but they try to do so in a way that won't be detected by the user or other software.
Making software that can hide itself from both the system and the user is tough - possible but tough. In Linux the tools required to protect yourself from such things are available right from your distro's repos. You can monitor the file system, as well as individual files and directories, for changes; set up a very solid firewall, often with a simple GUI tool; set up antivirus and antirootkit software; monitor network traffic, memory usage, etc. There's virtually every tool you need for rock-solid security, it's just a matter of reading (and understanding) the docs to set them up right.
If you are setting up a rootkit on your own machine, of course, you don't need to worry about that - but usually that's not what people want with a rootkit.
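The file-change monitoring the post above mentions, shown as an added example (not code from the thread or from any distro tool): take a SHA-256 baseline of a directory tree, then compare a later snapshot to report files that were added, removed or replaced, which is how a swapped-out system binary would show up. The demo tree and the simulated modification are constructed here for illustration.

```python
import hashlib
import os
import tempfile
from pathlib import Path


def hash_tree(root):
    """Return {relative_path: sha256_hex} for every regular file under root."""
    root = Path(root)
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            # Skip symlinks and special files; only hash regular file contents
            if p.is_symlink() or not p.is_file():
                continue
            h = hashlib.sha256()
            with open(p, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    h.update(chunk)
            digests[str(p.relative_to(root))] = h.hexdigest()
    return digests


def compare(baseline, current):
    """Report files added, removed, or modified since the baseline snapshot."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(p for p in baseline if p in current and baseline[p] != current[p])
    return {"added": added, "removed": removed, "modified": modified}


def demo():
    """Constructed scenario: baseline a fake 'bin' tree, then change one file."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        (root / "bin" / "ls").write_bytes(b"original ls contents\n")
        (root / "bin" / "ps").write_bytes(b"original ps contents\n")
        baseline = hash_tree(root)
        # Simulated change after the baseline: one file replaced, one file dropped in
        (root / "bin" / "ps").write_bytes(b"replaced ps contents\n")
        (root / "bin" / "extra").write_bytes(b"new file\n")
        return compare(baseline, hash_tree(root))


if __name__ == "__main__":
    print(demo())
```

In real use the baseline would be stored off the monitored host (or on read-only media), since a baseline kept on the same disk can be edited along with the files it describes.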
Considering that the OP has been off the LQ radar for the past three years, and that this thread was on the brink of closure almost five years ago, I'm laying this thread to rest.