Rootkit Hunter

[Florian Diesch]

Brian Fahrlander <brian at fahrlander.net> wrote:

> Martin Marcher wrote:
>
>> afaik, unix rootkits aren't quite the same as windows viruses most of
>> them are carefully handcrafted and targeted at being invisible and also
>> keeping a backdoor open, not doing something that would kills your data.
>
>    Has anyone written a root kit as a 'hypervisor', to keep an eye on a
> Linux box?  A white-hat tool for overseeing the whole show, so such a
> program can't be installed?

That has to be done at kernel level.
There are kernel security enhancements like SELinux where you can
restrict even root's privileges and this way make it impossible for an
attacker to install anything. Of course this means that you have to
reboot anytime before and after updating or installing software.


There are other tools like samhain that try to detect at least if
someone is intruding you system.

   Florian
-- 
<http://www.florian-diesch.de/>