From: "Eric Parusel"
To: "Lim Seng Chor"
Subject: Re: freebsd rootkit
Date: Tue, 29 May 2001 11:39:30 -0700
Sender: owner-freebsd-security@FreeBSD.ORG

> sorry, you all misunderstood me... : (
>
> i am the system admin of my site here, and i am suspecting my
> user is compromising my system files. i would like to check on
> what the files available in rootkit, and see whether my users are
> using that or not.
> it is just for security audit purpose....
>
> stop xxxxxxx me please....
>

I realize that hindsight is 20/20, but properly set up tripwire or a
tripwire-like software package (AIDE, mtree?) would have worked wonders in
this situation....

Oh, and:
http://www.google.com/search?q=freebsd+rootkit

Eric Parusel