http://www.Linux-Sec.net Hardening-Tightening Security_Policy Hardening-HOWTO Linux Distros Distro Patches Kernel-Patches Dedicated Servers Firewalls DNS Servers Mail Servers Web Servers Turn-Off Daemons Tighten Inetd Services Top-10 Vulnerabilities Top-7 Security Mistakes Top-10 Vulnerabilities Top-20 Most Critical Vulnerability Top-10 Virus Scans/Attacks Stats Top-10 Attacks Hacked Servers One Minute Audits OpenPorts Audit AntiVirus - AntiSpam Anti-Spam Anti-Virus spam.wav Wireless [In]Security Sniffers Security Tools SSH_SSL Firewalls MailServer FileSystem VPN Port Scan Detectors IDS Tools LogFile Analysis Ethernet Monitoring Server Monitoring Tracking & Forensics Hackers Tools Audit Tools Port Scanners Hacking Tools DDOS Tools Sniffer Tools Spoof Tools Exploits & Vulnerbilities Wireless Wireless [In]Security Misc Statistics Linux/BSD Distros Links,Articles,WatchDogs Security Mailing Lists/FAQs Liability Insurance 1U Rackmount Chassis Custom-Chassis.com Linux-1U.net 1U-ITX.net ITX-Blades.net Small PC cases Mini-Box.net Wrap-Box.net Wrap-OS.net Wan-Sim.net Linux-Consulting.com Linux-CAE.net Linux-Sec.net Linux-Boot.net Linux-Backup.net Linux-Wireless.org Linux-Office.net Linux-Video.net Linux-VOIP.net Linux-Jobs.net Linux-Diff.net 1U-Raid5.net Linux-Howto.net Spam Reporting Free Linux CDs ISO9660.org Distro-CD.org Patch-CD.org Contact Linux is a registered trademark of Linus Torvalds More Linux Legalese

Linux-Sec.net/RootKits Top-10 Common Security Mistakes Our Definition and Differences ( Exploits, Audits, PenTest, Vulnerabilities ) Mailing Lists Exploits Vulnerability Audit Hacking Tools PenetrationTest RootKits Detecting RootKits Trojans Rootkits : A way for the attacker to hide themself in your network/server You Should Have Saved Your System Before Going Online !!! Best to Save a copy of the original/clean system on cdrom Linux-1U.net/CDRW CD-RW-Howto -- or -- Save a copy somewhere safe w/ tar tar zcvf /cdrom_safe/bin.tgz /bin /sbin /usr/bin /usr/sbin tar zcvf /cdrom_safe/lib.tgz /lib /var/lib /usr/lib tar zcvf /cdrom_safe/etc.tgz /dev /etc /boot Compare the suspect binaries/libs with your original saved in /cdrom_safe cd / ; tar zdvf /cdrom_safe/bin.tgz Anything with a different MD5 is the hackers modified file Detecting RootKits ChkRootKit.org Check for signs of having been rootkit'd SourceForge.net checkps vancouver-webpages.com rkdet Sans.org Check for Ramen Symantec Ramen Removal HSC.fr Scan for Adore DartMouth.edu Adore, Lion, Ramen Removal LSAP Linux Security Audit Project NIPC.gov Lion KSTAT Defend against adore, knark FSAudit check your filesystem for suspicios directories/files Rookit.nl RootKit Hunter HostSentyry Login Anamoly Detection SecurityFocus.com ld.so.preload Stearns.org bobkit RkDet Checks for someone rootkitting your server RootKits Sans.org rootkit Definitions Securify.com List of rootkits COTSE.com RootKits DigitalOffense.net Worms about.com AntiVirus/Worms Washington.edu Rootkits Xcorps.net Rootkits Staff.washington.edu rootkits.faq UseNix.org rootkits LKM Hacking Scene.at Adore Sans.org Adore Sans.org tOrn PacketStorm Adore - attacks kernel modules Knark attacks kernel modules Sans.org knark Sans.org Lion Sans.org Torn Sans.org Adore WhiteHats.com Adm WhiteHats.com Lion WhiteHats.com Millennium WhiteHats.com Ramen Dartmuth.edu Ramenfind Xcalibre.com eggdrop Prestige.net Torn, LKM, KNARK, etc DigitalOffense.net Worms lockeddown.net Torn agent.fbi.cz Suckit TuxTendo.nl TuxKit LJK2 canaries Insecure.org Exploit Description and Tests Shaft Analysis RootKits-Desc.txt Hunt Exploit well known tcp/ip vulnerability Infinity Perl/Tk Scanner unsekure.com.br jmscan UnixHQ.org AllDas.de TeleKit AllDas.de yoyo AllDas.de rh-7.0 lpd Kryptocrew.de BED - BruteForce Exploit Detector Trojan Exploiting Tools Sans.org List of Ports and Trojans Trojans and ports attacked Mystic Common Trojan Ports Onctek TrojanPorts Sys-Security.com Trojan List Simovits.com Trojans List LiquidMatrix.org Dark-E.com TLSecurity.net Copyright © 2000 Linux-Consulting All Rights Reserved. Updated: Tue Jul 8 07:57:21 2008 PDT