Security Basics mailing list archives
Re: Solaris 10 - Rootkit detection
From: "J. Oquendo" <sil () infiltrated net>
Date: Tue, 04 Aug 2009 11:54:47 -0400
arpitchaudhary1986 () gmail com wrote:
Hi,

I am working on Rootkit Detection on Solaris 10 OS on SPARC. I am using two tools for the same - rkhunter and chkrootkit. The output of the tools says that there is no rootkit. However, my system binaries are behaving suspiciously and I doubt that rootkits might be present.

Please suggest a good tool (free or minimally paid) for detecting Rootkits on Solaris 10. Alternatively, if you know of another good approach towards the same, I would be glad to hear that.

Thanks,
Arpit
Samhain will help you by checking the integrity of your files, provided you have clean files on hand. It will tell you of any changes.

http://www.la-samhna.de/samhain/s_download.html

As for your system binaries behaving suspiciously, a quick

    lsof | awk '/TCP|UDP/{print $1"\t"$7,$8 | "sort"}'|uniq

will show you any binaries listening and what they're connected to. It might be a starting point, unless you're deeply rooted or something.

Firewall rules go a long way. Block out all, allow in what you need in.

Anyhow, bottom line: Samhain or OSSEC should suffice.

--
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
J. Oquendo
SGFA, SGFE, C|EH, CNDA, CHFI, OSCP

"It takes 20 years to build a reputation and five minutes to ruin it. If you think about that, you'll do things differently." - Warren Buffett

227C 5D35 7DCB 0893 95AA 4771 1DCE 1FD1 5CCD 6B5E
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x5CCD6B5E
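The lsof check suggested in the reply above, as an added example that is not part of the original message: it reads lsof's field output (`-F`), whose layout does not depend on column positions, and reports only listeners missing from an allow-list. The function names, the allow-list entries and the sample data are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: report listening sockets from `lsof -F` output that are
# not on an allow-list of "command:port" pairs (hypothetical baseline).
# Live use, as root:  lsof -nP -i -F pcPnT | unexpected_listeners sshd:22

unexpected_listeners() {
    awk -v allow="$*" '
    BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    # Called when one file set ends: print it if it is a TCP listener or an
    # unconnected UDP socket whose command:port pair is not allow-listed.
    function emit(   port, key) {
        if (name != "" && ((proto == "TCP" && state == "LISTEN") ||
                           (proto == "UDP" && name !~ /->/))) {
            port = name; sub(/.*:/, "", port)
            key = cmd ":" port
            if (!(key in ok)) print cmd, pid, proto, name
        }
        proto = name = state = ""
    }
    {
        tag = substr($0, 1, 1); val = substr($0, 2)
        if      (tag == "p") { emit(); pid = val; cmd = "" }  # new process
        else if (tag == "f") emit()                           # new descriptor
        else if (tag == "c") cmd = val
        else if (tag == "P") proto = val
        else if (tag == "n") name = val
        else if (tag == "T" && val ~ /^ST=/) state = substr(val, 4)
    }
    END { emit() }
    ' | sort -u
}

sample_lsof() {
    # Constructed sample of `lsof -nP -i -F pcPnT` output (not from a real host)
    printf '%s\n' p412 csshd f3 PTCP 'n*:22' TST=LISTEN \
        p977 cxntpd f19 PUDP 'n*:123' \
        p2301 csyslogd f5 PTCP 'n*:4444' TST=LISTEN \
        f6 PTCP 'n10.0.0.5:4444->10.0.0.9:51515' TST=ESTABLISHED
}

# Only the listener that is absent from the baseline is printed
sample_lsof | unexpected_listeners sshd:22 xntpd:123
```

As the reply's caveat implies, the result is only as trustworthy as the lsof binary and the kernel it queries, so run it from known-clean media where possible.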