[sf-lug] Hacked RHEL4/PHP4 server

Tom Haddon tom at greenleaftech.net
Thu May 22 11:03:53 PDT 2008

On Thu, 2008-05-22 at 10:47 -0700, Rick Moen wrote:
> Quoting Kristian Erik Hermansen (kristian.hermansen at gmail.com):
> > Just realize that even if the system utilities don't appear to be
> > trojaned, an attacker could have loaded a malicious kernel module
> > which has patched the syscall table and is filtering all requests your
> > binaries make...
> Yes, of course.  There are standard rootkits that do that.  That's why the
> only truly sound way to examine a suspect system is to boot different,
> trusted media and mount the system's filesystems without running its
> code -- but good luck doing that on a virthost.

Yep... I think Verio should be able to do this, but whether they will is
a different matter...

> _______________________________________________
> sf-lug mailing list
> sf-lug at linuxmafia.com
> http://linuxmafia.com/mailman/listinfo/sf-lug

More information about the sf-lug mailing list