[CentOS] TRD like tool for linux?

Les Mikesell lesmikesell at gmail.com
Wed Apr 16 15:33:48 UTC 2014


On Wed, Apr 16, 2014 at 9:57 AM, zep <zgreenfelder at gmail.com> wrote:
> so I found that one of my VM hosts seems to have been compromised in
> some way; I've shut it down, isolated it, found a few odd things like
> gibberish comments and odd hostnames that I don't recognise pointed back
> to 127.0.0.1 in /etc/hosts.  I tried TRD and it seems mildly useful, but
> has more of a windowsy feel for what it wants to be able to fix.   does
> anyone know of something with more linux rootkit detection as a focus?
> I could just rebuild this machine, but I'd like to know for sure what
> all/how bad this was broken so I can avoid it for next time.

Brute force sometimes works... If you have a backup from before the
issue, restore it somewhere and diff -r (or maybe rsync -av --delete
if it is remote) to find what changed.

-- 
  Les Mikesell
    lesmikesell at gmail.com



More information about the CentOS mailing list