On Wed, Aug 19, 2009 at 1:57 AM, Bill Campbell<cen...@celestial.com> wrote: > You cannot trust tools like ``ps'', ``find'', ``netstat'', and > ``lsof'' as these are frequently replaced by ones that are > modified to hide the cracker's work.
As a corollary, the only safe way to audit a suspected system is booting your diagnostic tool from known good media (eg try a security Live CD distro) -- Eduardo Grosclaude Universidad Nacional del Comahue Neuquen, Argentina _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
