[NCLUG] openssh

[Michael Dwyer]

Not cheaply...  No, I take that back:  Check out
http://www.chkrootkit.org/

nclug wrote:
> 
> We've seen a few "intrusions" lately on some of our client's machines
> also with similar hiddens.  Do you know of any good way to find all
> of the files and directories that have been hidden?
> 
> > -----Original Message-----
> > The rootkit wasn't very agressive ...
> >
> >       installed hooks in /etc/rc.d/rc.local,
> >       scripts in /etc/rc.d/init.d
> >       replaced binaries for ps, netstat, sshd
> >       and hid files under directories in /dev and /root
> >
> > The directory name under /root of ".. " was cute (note
> > trailing space).
> 
> I've also found some that were "..."
> _______________________________________________
> NCLUG mailing list
> NCLUG at nclug.org
> http://www.nclug.org/mailman/listinfo/nclug