[Asterisk-Users] Does Asterisk overwrite any libraries?
marrandy
marrandy at chaossolutions.org
Thu Dec 4 07:06:05 MST 2003
On Thursday 04 December 2003 08:27 am, PJ Welsh wrote:
> On Wed, Dec 03, 2003 at 10:42:40PM -0500, TeleSIP wrote:
> > A good rootkit will also modify the date and time of the replaced binaries
> > so they will look the same as the original.
> >
> > Try to replace your "ps" command with that from a trusted RH9 machine. If
> > it works ok then you must do a clean install to get rid of the rootkit.
>
> Using the RPM database for package verification is a good way to check, also
> (better than date/time stamp). So:
>
> rpm -V procps
>
> procps is the package for ps and some other commands, "V" = verify the whole
> package. This should NOT return ANY error or information. So, if you get
> something like "S.5....T c /bin/ps" or ANYTHING else for THIS package you've
> got a problem.

I would download and try http://www.chkrootkit.org/
This is pretty much the standard tool to use.
There are also good links under 'Related Links' towards the bottom of the
page.
Regards...Martin
--
3rd Law of Computing:
Anything that can go wr
fortune: Segmentation violation -- Core dumped
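
An added example, not part of the original thread: a small shell helper that decodes `rpm -V` lines such as the "S.5....T c /bin/ps" one quoted above, separating a content (digest) mismatch from a change in timestamp or other metadata only. The function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: decode `rpm -V` lines such as "S.5....T c /bin/ps".
# Flag letters: S size, M mode, 5 digest, D device, L symlink target,
# U owner, G group, T mtime, P capabilities (P only on newer rpm, 9 columns).

# changed_attrs FLAGS -> comma-separated attributes that differ from the RPM db
changed_attrs() {
    out=""
    for pair in S:size M:mode 5:digest D:device L:symlink U:owner G:group \
                T:mtime P:capabilities; do
        case "$1" in
            *"${pair%%:*}"*) out="$out,${pair#*:}" ;;
        esac
    done
    echo "${out#,}"
}

# triage_line LINE -> "VERDICT PATH [attrs]"
triage_line() {
    set -f                      # flags may contain '?', keep the shell from globbing it
    set -- $1
    set +f
    flags=$1; shift
    case "$1" in                # optional file-type marker (c = config, d = doc, ...)
        [cdglr]) shift ;;
    esac
    path=$*
    if [ "$flags" = "missing" ]; then
        echo "MISSING $path"
        return
    fi
    attrs=$(changed_attrs "$flags")
    case "$flags" in
        *5*) echo "CONTENT-CHANGED $path [$attrs]" ;;   # file bytes differ from package
        *)   echo "METADATA-ONLY $path [$attrs]" ;;     # e.g. mtime or mode only
    esac
}

# Constructed sample input; on a real host, pipe `rpm -V procps` into the loop.
SAMPLE='S.5....T c /bin/ps
.......T   /usr/bin/top
missing    /usr/bin/free'

triage_sample() {
    printf '%s\n' "$SAMPLE" | while IFS= read -r line; do
        triage_line "$line"
    done
}
triage_sample
```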