RootKits Attacking YDL

Andrew yellowdog-general@lists.terrasoftsolutions.com
Mon May 17 22:23:01 2004


On Mon, 2004-05-17 at 22:09, bruce woller wrote:
> http://freshmeat.net/projects/rkhunter/?branch_id=46074&release_id=158995

I have had this software installed for a couple of months. I have run it
twice or so. Seems to work OK, never detected anything. Anyway, I never
trusted such software for my security concerns. To my eyes, this 'tool'
is as useful as a submarine in space. Anyone is able to download and
install and use 'security' software FROM the internet? This means
malicious hackers can, too, then find a way around it... You have to run
it, as root, and wait for the results to return. If someone successfully
installed a rootkit in your box, odds are that he/she can (and will)
know that you have rkhunter installed as well and disable/delete it.
Check out FAM <http://oss.sgi.com/projects/fam/>. That's what I would
use...

> On Monday, May 17, 2004, at 07:15  PM, Michael and Marilyn Cherry wrote:
> 
> > Is YDL susceptible to a root kit attack, or does the relative obscurity
> > of the PPC processor make it less of a risk?

Yes, a bit safer since there are a LOT fewer PPC than X86 out there...
But this is very relative. IMHO and AFAIK yellowdog is no more, no less
secure than any distro. "It's what you make it, man, it's what you make
it..." ;)
 
> > Is there a safe or known root kit detection tool for YDL, and how do  
> > you know a root kit detection tool is safe?
> >  
> > Thanks
> > Michael

rkhunter seems to be quite popular. This probably means it's good software.
But HOW to make sure it *is* working? LOL... I would log on to an IRC channel
known to be visited by hackers and BE A REAL FUCK3R then wait... If you
did it right, it shouldn't take long at all! You'll have your mind fixed
in no time!

But no kidding, don't do that... ;)
