Re: /bin/login listening?

On 2007-07-29, Douglas Allan Tutty <dtutty@porchlight.ca> wrote:
> On Sun, Jul 29, 2007 at 12:48:16PM +0000, Tyler Smith wrote:
>> On 2007-07-29, Jeff D <fixedored@gmail.com> wrote:
>
>> I ran rkhunter again, and then for good measure I aptitude --purged
>> it, reinstalled, and ran again. And then I thought maybe the whole
>> thing was compromised, so I purged it again, installed rkhunter 1.30
>> from sourceforge, and ran again. And I also ran chkrootkit. In all
>> cases they showed nothing happening, except for warning me that some
>> of my /bin executables had been replaced by scripts -- stuff like
>> egrep, fgrep etc.
>>
>> So perhaps it was just a false positive. I'm going to read up on
>> security stuff now, so maybe I'll have some idea how to proceed the
>> next time.
>>
>
> Its tricky. If you have been rooted, you can't trust anything on the
> system, including aptitude. As for reading, try the package harden-doc.
>

That's what I was thinking. But is there any way a rootkit could interfere with my downloading and compiling from source? I was hoping that doing things 'by hand' would limit the possibilities for compromising the result.

I will look at harden-doc. I'm working through the Linux how-to security quick start at the moment.

Thanks,

Tyler  

-- 
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org