[BlueOnyx:02315] Protection Against Root Toolkit Attack
Phil Hamer
phil at magma-group.co.uk
Tue Sep 8 16:31:53 -05 2009
Hi Guys.
Does anyone think that a Root Toolkit Detection system would be beneficial
on a BO server?
I am looking at Rkdet, chkrootkit, Tripwire, Psionic and similar software,
one of which should run OK with a little configuration.
I have been told (although I cannot verify just how true it is) that a
good packet sniffer could possibly build a set of usernames and passwords
for a Linux system.
I already run fail2ban and use the inbuilt PAM intrusion protection but
guess that would not afford protection against a root toolkit attack.
If you could offer some brief advice it would be greatly received.
Phil.