On Wed, 22 Oct 2003 12:35:38 -0500 (CDT)
"Jim Streit" <jimstreit at northlans.com> wrote:

> Kinda back to the origin message (sorry chickens...) How does a person go
> about finding if their machine has a rootkit?

As others have said, chkrootkit is very good at this. Make sure you get the *latest* one, of course. If possible, boot from a recovery CD or floppy to perform the checks.. I'm not up to date on the issues surrounding kernel mods, but to play it safe, I would want to be running a known-clean kernel to perform the checks.

On a personal note, I've never been rooted but once - and that was when I accidentally left open an sshd on my firewall, with a default password set - so I don't really count it, no surprise there. By the time I remembered my error, it was already owned.

BUT - I know that eventually, my time will come.. and you know what? I won't blame anyone but myself. It's natural to want to point fingers at 'bad people', but in the end, pragmatism tells me that the energies are best directed to self-improvement, if my goal is actually better security, not just finding someone to demonize in hopes of salvaging ego.

-L

_______________________________________________
TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
http://www.mn-linux.org tclug-list at mn-linux.org
https://mailman.real-time.com/mailman/listinfo/tclug-list