nanog mailing list archives
Re: Security Guideance
From: Curtis Maurand <cmaurand () xyonet com>
Date: Wed, 24 Feb 2010 08:03:23 -0500
On 2/23/2010 5:38 PM, Nathan Ward wrote:
See if you can get a binary of busybox which has those tools and they're all contained in the binary. It should run from any folder.

Using lsof, netstat, ls, ps, looking through proc with ls, cat, etc. is likely to not work if there's a rootkit on the box. The whole point of a rootkit is to hide processes and files from these tools. Get some statically linked versions of these bins on to the server, and hope they haven't patched your kernel.

http://busybox.net

Very handy.

--Curtis
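
A cross-view check along the lines discussed above, as an added example that is not part of the original message: run from a trusted static shell, it compares the PIDs visible in /proc with what the installed ps reports. The function names and the SUSPECT_PS variable are hypothetical, the installed ps is assumed to accept the POSIX options -e -o pid=, and a patched kernel can hide a process from both views.

```shell
#!/bin/sh
# Added example: cross-view check of /proc against the installed ps.
# Intended to be run by a trusted static shell, e.g.:
#   busybox sh crossview.sh live
SUSPECT_PS=${SUSPECT_PS:-ps}   # assumption: path of the possibly tampered ps

# pids_only_in "A" "B": print each PID in list A that is absent from list B.
pids_only_in() {
    haystack=" $(echo $2) "          # collapse newlines into single spaces
    for pid in $1; do
        case "$haystack" in
            *" $pid "*) ;;           # present in both views
            *) echo "$pid" ;;
        esac
    done
}

# proc_pids: numeric /proc entries via shell globbing, so no external ls runs.
proc_pids() {
    for d in /proc/[0-9]*; do
        if [ -d "$d" ]; then echo "${d#/proc/}"; fi
    done
}

# hidden_from_ps: PIDs seen in /proc, missing from two ps snapshots and
# still alive afterwards (filters out processes that were merely short-lived).
hidden_from_ps() {
    ps1=$("$SUSPECT_PS" -e -o pid= 2>/dev/null)
    seen=$(proc_pids)
    ps2=$("$SUSPECT_PS" -e -o pid= 2>/dev/null)
    for pid in $(pids_only_in "$seen" "$ps1 $ps2"); do
        if [ -d "/proc/$pid" ]; then echo "$pid"; fi
    done
}

if [ "${1:-}" = "live" ]; then
    hidden_from_ps
else
    # Constructed sample: the /proc view contains 1337, the ps view does not.
    pids_only_in "1 412 1337 2048" "1
  412
 2048"
fi
```

Any PID printed in live mode is worth a closer look; an empty result only shows that the two userland views agree.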