

even better...
Authored by: soy_bomb on Mar 05, '02 11:32:48PM
I deal with rooted UNIX/UNIX-like boxen all the time at my work in data centers for clients. If you really want to see what is going on with your UNIX system, try using:
lsof
It's the UNIX command for listing open files. Doesn't even require su/sudo/system admin access. Generally the "root kits" I find on rooted machines go after this command first. For good reasons. lsof gives a bounty of information on what a UNIX/UNIX-like OS is doing: open files, sockets, processes and the sort. Masking your "root kit" means modifying lsof along with ps, top, ls, du, netstat, and a few other low-level platform-specific utils. In my work, I carry around a 3.5" loaded with lsof for about 10 different UNIX/UNIX-like platforms -- thank god for universal FAT32 support in UNIX.
Don't be afraid of Terminal.app. This is a read-only UNIX command. To learn more open Terminal.app and type:
man lsof
Then search Google for more tips and tricks with lsof.

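As an added illustration (not part of soy_bomb's comment, and not a tool from this site), the script below parses lsof's machine-readable output and flags the things a backdoor would rather nobody saw: a process whose executable has been unlinked ("(deleted)" in the txt entry), an executable living in /tmp, /var/tmp, /dev/shm or a dot-directory, and a socket listening on a port that is not on a small allowlist. It assumes output from `lsof -nP -F pcftn` (the field-tag letters p, c, f, t, n as documented in lsof(8)); the sample lsof output, the allowlist of port 22 and the scratch-directory list are all my own constructions, not anything from the post.

```python
"""Flag rootkit/backdoor indicators in `lsof -nP -F pcftn` output.

Added example, not code from the original post.  Field format: one field
per line, first character is the tag (p=pid, c=command, f=fd, t=type,
n=name).  A 'p' line starts a new process; each 'f' line starts a new
file record belonging to the current process.
"""
import sys
from collections import namedtuple

Finding = namedtuple("Finding", "pid command kind detail")

# Constructed sample in lsof -F pcftn format; NOT a real capture.
# pid 9001 is the planted "bad" process: deleted executable in /tmp/.x,
# a listener on *:4444 and an outbound connection.
SAMPLE_LSOF = """\
p412
csshd
fcwd
tDIR
n/
ftxt
tREG
n/usr/sbin/sshd
f3
tIPv4
n*:22
p9001
ckworker/0:1
fcwd
tDIR
n/tmp/.x
ftxt
tREG
n/tmp/.x/kworker (deleted)
f4
tIPv4
n*:4444
f5
tIPv4
n10.0.0.5:51234->203.0.113.9:443
p730
ccron
fcwd
tDIR
n/
ftxt
tREG
n/usr/sbin/cron
"""

# Assumed list of world-writable scratch locations no daemon should run from.
SCRATCH_DIRS = ("/tmp/", "/var/tmp/", "/dev/shm/")
DELETED = " (deleted)"


def parse_lsof_f(text):
    """Return [{'pid': int, 'command': str, 'files': [{'fd','type','name'}]}]."""
    procs, proc, rec = [], None, None
    for line in text.splitlines():
        if not line:
            continue
        tag, value = line[0], line[1:]
        if tag == "p":
            proc = {"pid": int(value), "command": "", "files": []}
            procs.append(proc)
        elif tag == "c":
            proc["command"] = value
        elif tag == "f":
            rec = {"fd": value, "type": "", "name": ""}
            proc["files"].append(rec)
        elif tag == "t":
            rec["type"] = value
        elif tag == "n":
            rec["name"] = value
        # other tags (if any were requested) are ignored
    return procs


def is_listener(name):
    # With -n -P a listening socket prints as addr:port and has no '->' peer.
    return "->" not in name and ":" in name


def find_suspicious(procs, expected_listen_ports=frozenset({22})):
    findings = []
    for p in procs:
        for f in p["files"]:
            name = f["name"]
            if f["fd"] == "txt":  # the process's executable image
                path = name[: -len(DELETED)] if name.endswith(DELETED) else name
                if path != name:
                    findings.append(Finding(p["pid"], p["command"], "deleted-executable", name))
                if path.startswith(SCRATCH_DIRS) or any(part.startswith(".") for part in path.split("/")):
                    findings.append(Finding(p["pid"], p["command"], "executable-in-scratch-or-hidden-dir", path))
            elif f["type"] in ("IPv4", "IPv6") and is_listener(name):
                port = int(name.rsplit(":", 1)[1])
                if port not in expected_listen_ports:
                    findings.append(Finding(p["pid"], p["command"], "unexpected-listener", name))
    return findings


if __name__ == "__main__":
    # Pipe real output in with:  lsof -nP -F pcftn | python3 lsof_check.py
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_LSOF
    for fi in find_suspicious(parse_lsof_f(text)):
        print(f"pid {fi.pid} ({fi.command}): {fi.kind}: {fi.detail}")
```

The caveat is the one the post makes: a trojaned lsof simply omits the process, so feed this script output from a known-clean lsof binary, and cross-check what it reports against an independent view (a port scan from another host, or a walk of /proc on Linux) before trusting a quiet result.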