Auditor: The security tool collection (Linux.com)
[Posted September 28, 2005 by ris]
Linux.com takes a look at the security tools in the live CD Auditor. "Let's say you've been called in to examine a possible compromised server, and until the integrity of the server has been established you are not allowed to install any forensic software or even take the server offline. You can take your Auditor CD and start running the chkrootkit utility to see if any known rootkits are installed on the server. If you find any suspicious activity, you can take a disk image with the dd command and examine it for any possible rootkits or strange processes."