[nycbug-talk] Searching for suspect PHP files...

Matt Juszczak matt at atopia.net
Mon Mar 9 19:53:20 EDT 2009


> Not really.  mtree(8) by default takes into account mtime, so if you
> rebuilt the system at any given time, you need to start from scratch
> with the new fresh specification file.

OK.  Surely there's a way to check out a system where this procedur wasn't 
performed.  I guess, potentially, using chkrootkit comparing sources 
compiled in /usr/src?

-M



More information about the talk mailing list