
New to check if you have been rooted
Put in the Knoppix disk while the machine is running. Get to a command prompt and run the ps -ef command, giving the explicit path to the CD-ROM version. Match the output from the machine's ps -ef. Should be the same; if not, yer rooted.
regards,
daemon
I love her dearly, far beyond any creature I've ever known, and I can prove it, for never once in almost seventy years of married life have I taken her by the throat. Mind you, it's been a near thing once or twice.
George Macdonald Frasier
Clearwater highschool marching band [link|http://www.chstornadoband.org/|http://www.chstornadoband.org/]
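
The comparison described in the post above, as an added example that is not part of the original thread: it reports processes that a known-good ps lists but the installed ps does not. The /cdrom/bin/ps path, the function names and the sample listings are constructed for illustration.

```shell
# Added example, not from the thread. Paths and sample output are constructed.
# hidden_pids SUSPECT_FILE TRUSTED_FILE
# Both files hold saved `ps -ef` output. Prints "PID CMD" for each process that
# only the trusted ps listed. The ps processes themselves are skipped: every
# run gets a new PID, so the two listings are never literally identical.
hidden_pids() {
    awk '
        FNR == 1                    { next }              # column header
        $8 == "ps" || $8 ~ /\/ps$/  { next }              # the ps run itself
        FILENAME == ARGV[1]         { seen[$2] = 1; next } # PIDs the suspect ps showed
        !($2 in seen)               { print $2, $8 }      # only the trusted ps saw it
    ' "$1" "$2"
}

# live_check TRUSTED_PS: snapshot the installed ps before and after the trusted
# one, so a process that merely started between two runs is not reported.
live_check() {
    tmp=$(mktemp -d) || return 2
    ps -ef > "$tmp/suspect"
    "$1" -ef > "$tmp/trusted"
    ps -ef | sed 1d >> "$tmp/suspect"     # second snapshot, header dropped
    hidden_pids "$tmp/suspect" "$tmp/trusted"
    rm -rf "$tmp"
}

# Constructed sample: what the installed (possibly replaced) ps printed.
sample_suspect() { cat <<'EOF'
UID        PID  PPID  C STIME TTY          TIME CMD
root         1     0  0 09:01 ?        00:00:01 init [2]
user      1530     1  0 09:40 pts/0    00:00:00 -bash
user      1604  1530  0 09:52 pts/0    00:00:00 ps -ef
EOF
}

# Constructed sample: what the ps on the CD printed moments later.
sample_trusted() { cat <<'EOF'
UID        PID  PPID  C STIME TTY          TIME CMD
root         1     0  0 09:01 ?        00:00:01 init [2]
root       977     1  0 09:03 ?        00:00:00 /tmp/.cache/agent
user      1530     1  0 09:40 pts/0    00:00:00 -bash
user      1605  1530  0 09:52 pts/0    00:00:00 /cdrom/bin/ps -ef
EOF
}

demo() {    # run the comparison over the two constructed samples
    d=$(mktemp -d) || return 2
    sample_suspect > "$d/suspect"; sample_trusted > "$d/trusted"
    hidden_pids "$d/suspect" "$d/trusted"; rm -rf "$d"
}
```

A ps run from the CD still asks the running kernel for the process list, so this catches a replaced binary but not a kernel-level rootkit. The trusted ps must also not load libraries such as libproc from the suspect disk.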
New Ah, too easy, will do
===

Purveyor of Doc Hope's [link|http://DocHope.com|fresh-baked dog biscuits and pet treats].
[link|http://DocHope.com|http://DocHope.com]
New Unless they've hacked ps...
and replaced with one that 'hides' the nasty processes.


hmm...golem....nasty processes...yesss
New That's the point behind the Knoppix CD, if I read that right
New Yup, known good version of the gnu tools
New ObNit
Gollum:

[image|http://guildenstern.dyndns.org/tmp/gollum.jpg||||]

Golem:

[image|http://guildenstern.dyndns.org/tmp/golem.jpg||||]


Peter
[link|http://www.ubuntulinux.org|Ubuntu Linux]
[link|http://www.kuro5hin.org|There is no K5 Cabal]
[link|http://guildenstern.dyndns.org|Home]
Use P2P for legitimate purposes!
New Separated at 'birth'?
[link|http://forfree.sytes.net|http://forfree.sytes.net]
Imric's Tips for Living
  • Paranoia Is a Survival Trait
  • Pessimists are never disappointed - but sometimes, if they are very lucky, they can be pleasantly surprised...
  • Even though everyone is out to get you, it doesn't matter unless you let them win.


Nothing is as simple as it seems in the beginning,
As hopeless as it seems in the middle,
Or as finished as it seems in the end.
 
 
New No joy
Knoppix is a huge binary. The tools aren't there in any useable way, unless I can boot it in a chroot somehow. Hmm ...
New I think Knoppix Hacks covers this.
Unfortunately, my copy isn't handy. O'Reilly's [link|http://www.oreilly.com/catalog/knoppixhks/|page] doesn't cover it in their samples.

[link|http://www.inside-security.de/INSERT_en.html|Inside Security Rescue Toolkit] is a Knoppix-based distro that seems to do what you are looking for:

computer forensics (e.g. [link|http://www.chkrootkit.org/|chkrootkit], [link|http://www.rootkit.nl/projects/rootkit_hunter.html|rootkit hunter])


I haven't used either of those tools, nor ISRT.

HTH.

Cheers,
Scott.
New It is a compressed loop filesystem file.
Formatted as xfs I think.
--
[link|mailto:greg@gregfolkert.net|greg],
[link|http://www.iwethey.org/ed_curry|REMEMBER ED CURRY!] @ iwethey

[link|http://it.slashdot.org/comments.pl?sid=134485&cid=11233230|"Microsoft Security" is an even better oxymoron than "Military Intelligence"]
No matter how much Microsoft supporters whine about how Linux and other operating systems have just as many bugs as their operating systems do, the bottom line is that the serious, gut-wrenching problems happen on Windows, not on Linux, not on Mac OS. -- [link|http://www.eweek.com/article2/0,1759,1622086,00.asp|source]
New if you have ftp access to knight, grab /usr/local/bin/ps
New No FTP on knight.... SCP yes.
New Different compile, wrong libproc
Will download some gnu stuff and burn it at work. Based on some feedback on jabber I'm not too worried any more, but would like to have the utils on a disk anyway.
New You are forgetting about...
My other machines; lord, king both on unstable as we speak.

Not to mention my Alpha. Nor my other two I'll be picking up in NY later this month to early next month. 2 - DEC4100 Alpha Servers with 4 Procs each, 2.5GB and 4GB of Memory, each has drawers and drawers of StorageWorks Disks. Hell, just the StorageWorks alone is worth the drive (to me).

See these machines coming to an ipaddr near you.
     How to tell if you've been rooted? - (drewk) - (16)
         Heh. - (pwhysall) - (15)
             What does Ben have to do with this?[1] - (drewk) - (14)
                 to check if you have been rooted - (daemon) - (13)
                     Ah, too easy, will do -NT - (drewk)
                     Unless they've hacked ps... - (Simon_Jester) - (4)
                         That's the point behind the Knoppix CD, if I read that right -NT - (inthane-chan) - (1)
                             Yup, known good version of the gnu tools -NT - (drewk)
                         ObNit - (pwhysall) - (1)
                             Separated at 'birth'? -NT - (imric)
                     No joy - (drewk) - (6)
                         I think Knoppix Hacks covers this. - (Another Scott)
                         It is a compressed loop filesystem file. - (folkert)
                         if you have ftp access to knight, grab /usr/local/bin/ps -NT - (daemon) - (3)
                             No FTP on knight.... SCP yes. -NT - (folkert)
                             Different compile, wrong libproc - (drewk) - (1)
                                 You are forgetting about... - (folkert)
