[olug] Security breach?

Jay Bendon jaybocc2 at gmail.com
Wed Jun 6 20:46:29 UTC 2012


There used to be a couple of live CDs that did that, but you could definitely
make your own.  Also there was a set of tools you could install that would
take a snapshot and then you would later boot with a livecd and compare the
snapshot, I cannot recall names though atm.
--Jay


On Wed, Jun 6, 2012 at 3:10 PM, <aric at omahax.com> wrote:

> Is there something that does a hash compare of all the binaries, installed
> packages, etc. and can be run from removable, bootable media?
>
> > Given that your computer is compromised, reinstall. You don't know
> > what binaries have been replaced, rootkit-style. Sure you can do
> > something along the lines of "md5sum `which md5sum`", although if I
> > were to write a rootkit, that's one of the things I would patch to
> > avoid my own binaries.
> >
> > On Tue, Jun 5, 2012 at 4:20 PM,  <aric at omahax.com> wrote:
> >> I would be surprised if you or your system was the cause.  I recommend
> >> looking at the email message headers to see where it came from.  You also
> >> may want to sniff your network to see if you are sending stuff out or
> >> scanning for port 25 connections.
> >>
> >>> I'm running MandrivaLinux x64 2011 (KDE4) updated behind a commercial
> >>> Trendnet router.
> >>>
> >>> I notice I've begun receiving spam emails supposedly from people in my
> >>> address book (thunderbird).  When I run 'top' I don't find any obvious
> >>> intruder files.  Having received three of these now, all from different
> >>> addresses and people, I suspect my computer is compromised.
> >>>
> >>> This prompted me to check my security settings.  Turns out I had left the
> >>> firewall down from my last full re-install a couple of weeks ago.  It's
> >>> back up.
> >>>
> >>> Any suggestions for ridding a Linux system of malware?
> >>>
> >>>      Jack
> >>> _______________________________________________
> >>> OLUG mailing list
> >>> OLUG at olug.org
> >>> https://lists.olug.org/mailman/listinfo/olug
> >>>
> >>
> >
>
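
The snapshot-then-compare approach described in this thread, as an added example that is not part of the original messages or any tool the posters had in mind. It assumes GNU coreutils and findutils on the boot media, uses `sha256sum` rather than `md5sum`, and the directory list, function names and script name are hypothetical.

```shell
#!/bin/sh
# Added example: run from trusted boot media against a mounted root filesystem.
# Usage: integrity.sh snapshot|verify ROOT MANIFEST
# MANIFEST must be an absolute path on media other than the suspect disk.

# Directories to hash, relative to ROOT (assumed list; adjust per distribution).
HASH_DIRS="bin sbin lib usr/bin usr/sbin usr/lib"

# Print NUL-separated regular files under HASH_DIRS, relative to ROOT ($1).
list_files() {
    ( cd "$1" || exit 1
      for d in $HASH_DIRS; do
          if [ -d "$d" ]; then find "$d" -xdev -type f -print0; fi
      done )
}

# Record a SHA-256 manifest of ROOT ($1) in MANIFEST ($2).
snapshot() {
    list_files "$1" | sort -z | ( cd "$1" && xargs -0 -r sha256sum ) > "$2"
}

# Compare ROOT ($1) with MANIFEST ($2); print differences, return 1 if any.
verify() {
    root=$1; manifest=$2; rc=0
    # Re-hash every recorded path; --quiet prints only failures.
    changed=$(cd "$root" && sha256sum -c --quiet "$manifest" 2>/dev/null) || rc=1
    # Files present now but absent from the manifest (path starts at column 67).
    added=$(list_files "$root" | tr '\0' '\n' | MANIFEST=$manifest awk '
        BEGIN { m = ENVIRON["MANIFEST"]
                while ((getline l < m) > 0) seen[substr(l, 67)] = 1 }
        !($0 in seen) { print $0 ": ADDED" }')
    if [ -n "$added" ]; then rc=1; fi
    for report in "$changed" "$added"; do
        if [ -n "$report" ]; then printf '%s\n' "$report"; fi
    done
    return $rc
}

case ${1:-} in
    snapshot|verify) "$@" ;;
esac
```

Because both the hashing binary and the manifest come from outside the installed system, a patched `md5sum` on the disk being checked cannot influence the result.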


