[sf-lug] Hacked RHEL4/PHP4 server
tom at greenleaftech.net
Thu May 22 11:03:53 PDT 2008
On Thu, 2008-05-22 at 10:47 -0700, Rick Moen wrote:
> Quoting Kristian Erik Hermansen (kristian.hermansen at gmail.com):
> > Just realize that even if the system utilities don't appear to be
> > trojaned, an attacker could have loaded a malicious kernel module
> > which has patched the syscall table and is filtering all requests your
> > binaries make...
> Yes, of course. There are standard rootkits that do that. That's why the
> only truly sound way to examine a suspect system is to boot different,
> trusted media and mount the system's filesystems without running its
> code -- but good luck doing that on a virthost.
Yep... I think Verio should be able to do this, but whether they will is
a different matter...
> sf-lug mailing list
> sf-lug at linuxmafia.com
More information about the sf-lug