From: The Psychotic Viper
To: Andrew Johns
Cc: CS
Subject: Re: KLD detectors
Date: Mon, 22 Oct 2001 03:03:07 +0200 (SAST)
In-Reply-To: <3BD34BD2.B33C7D29@kpi.com.au>
Message-ID: <20011022025913.G26647-100000@lucifer.fuzion.ath.cx>

Hi,

On Mon, 22 Oct 2001, Andrew Johns wrote:

> CS wrote:
> >
> > Hello,
> >
> > Does anyone know of a program for FreeBSD to look for "hidden" KLDs?
> >
> > I found this for linux:
> >
> > http://www.hsc.fr/ressources/breves/LKMrootkits.html
> >
> > But so far, nothing for FreeBSD.
> >
> > Thanks,
> >
> > CS
> >
>
> I found this a while ago - have never looked into it myself -
> just saved the URL for times like this.
>
> http://www.chkrootkit.org
>
> They have versions for most un*x's.

Better yet, they're in the ports: /usr/ports/security/chkrootkit =)

I have no idea how to check for them, but you could enable kernel
secure levels (if the machine is not going to use X or any
securelevelphobic software), which would limit the chance of being bitten
by a stray module. It's just not the all-curing fix, but it limits what you
would need to look at/check to avoid such nasties.

HTH,

PsyV
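
The securelevel suggestion above, as an added example that is not part of the original message: a POSIX shell check that reads rc.conf-style text and reports whether the boot-time securelevel would stop kernel modules from being loaded or unloaded (securelevel 1 or higher). The function names and the sample rc.conf contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit rc.conf-style text (stdin) for the boot-time securelevel.

# Print the effective level, or "disabled" when the enable knob is not YES.
# Later assignments win, as they do when rc.conf is sourced.
effective_securelevel() {
    awk -F= '
        # Drop a trailing comment, quotes and blanks from a value.
        function val(s) { sub("[ \t]*#.*", "", s); gsub(/[" \t]/, "", s); return s }
        /^[ \t]*kern_securelevel_enable=/ { enable = toupper(val($2)) }
        /^[ \t]*kern_securelevel=/        { level = val($2) }
        END {
            if (enable != "YES") { print "disabled"; exit }
            # /etc/defaults/rc.conf ships kern_securelevel="-1"
            print (level == "" ? "-1" : level)
        }'
}

# Exit 0 only when the configured level blocks kldload/kldunload after boot.
blocks_module_loading() {
    level=$(effective_securelevel)
    case "$level" in
        disabled|""|*[!0-9-]*) return 1 ;;   # off, empty, or not a number
    esac
    [ "$level" -ge 1 ]
}

# Constructed sample inputs (not taken from any real host).
WEAK_RC='sshd_enable="YES"
kern_securelevel_enable="NO"
kern_securelevel="2"'

HARDENED_RC='sshd_enable="YES"
kern_securelevel_enable="YES"
kern_securelevel="1"   # modules can no longer be loaded or unloaded'

report() {  # $1 = label, $2 = rc.conf text
    if printf '%s\n' "$2" | blocks_module_loading; then
        echo "$1: securelevel >= 1, kldload/kldunload blocked after boot"
    else
        echo "$1: module loading NOT blocked ($(printf '%s\n' "$2" | effective_securelevel))"
    fi
}
report weak "$WEAK_RC"
report hardened "$HARDENED_RC"
```

On a live FreeBSD host, run it as `blocks_module_loading < /etc/rc.conf` and compare with the running value from `sysctl kern.securelevel`.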