[clue-tech] rootkit detection
Jeff Cann
jccann at gmail.com
Tue Nov 1 05:03:14 MST 2005
One of our DMZ webservers had an unexpected failure the other day. Tomcat
just flat stopped running. It dumped a core file and I think it was just a
bug. But, I'm paranoid, so I used 'rkhunter' to check for a root kit. My
thought was someone found a tomcat exploit [I'm not aware of any] that
crashed it. Or an attempt caused the crash. Or it was just a plain-old
crash.

I used rkhunter which showed no problems. I'm wondering if I should run other
detection measures? Perhaps running chkrootkit *and* rkhunter? Maybe I'm
just paranoid. This box is fairly hardened, with only ports 80, 25, 22 open.
We're running tomcat, postfix, and openssh on those ports.

I appreciate any suggestions,

Jeff
--
Great spirits have always encountered violent opposition from mediocre minds.
- Albert Einstein
_______________________________________________
CLUE-tech mailing list
CLUE-tech at cluedenver.org
http://cluedenver.org/mailman/listinfo/clue-tech