[NCLUG] openssh

nclug nclug at nestegg.com
Tue Jan 15 09:46:23 MST 2002


We've seen a few "intrusions" lately on some of our client's machines
also with similar hiddens.  Do you know of any good way to find all
of the files and directories that have been hidden?

> -----Original Message-----
> The rootkit wasn't very agressive ...
> 
> 	installed hooks in /etc/rc.d/rc.local,
> 	scripts in /etc/rc.d/init.d
> 	replaced binaries for ps, netstat, sshd
> 	and hid files under directories in /dev and /root
> 
> The directory name under /root of ".. " was cute (note 
> trailing space).

I've also found some that were "..."



More information about the NCLUG mailing list