[nycbug-talk] Searching for suspect PHP files...
matt at atopia.net
Wed Mar 4 11:20:32 EST 2009
> Tripwire has become a bloated beast nowadays. I'm using mtree(8) for
> checking file integrity and it is a very good tool for such a job.
So say I wanted to check if an existing system of mine has been
compromised. I already know that chkrootkit is returning nothing, but
that's returning nothing with no source to compare to, so obviously
there's the potential there for error.
Should I compile world in /usr/src and use chkrootkit with a basedir of
the compiled binaries? Or should I use mtree, and if so, suggestions on