Shell Programming and Scripting: A simple intrusion detection script
Post 302295014 by jim mcnamara on Friday 6th of March 2009 10:17:04 AM
I worked on root kit hunter at sourceforge.net for a while. There are similar capabilities in the scripts in that app as well.

You may be missing something essential - as an example:
root kits may change a lot of utilities in /usr/bin to avoid detection. md5sum is one of them. It "knows" how to report the old value for a given system file, even though the file is now completely different. The same is true for ls, find and so on. If you ldd those files and ldd is not corrupt, you may see odd libraries linked into them.

I would:
create a separate hidden tree of ls, find, md5sum, etc. that your script points to with its own version of PATH. Populate the directory with known good versions of the files. If you're even a little more paranoid, consider rebuilding & linking those files statically, which eliminates shared library masquerading.

It all depends on your level of exposure - if you're inside a good firewall, my suggestions may be overkill.
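A working shape for the hidden-tree approach described in the post above, as an added example (this is not jim mcnamara's script and not code from rkhunter). The checker pins PATH to a private directory of known-good tools, clears the loader variables that could interpose a library, records a checksum baseline, and later reports ADDED, CHANGED and REMOVED files. TOOLDIR, the function names and the baseline format are this example's own; sha256sum stands in for md5sum. The demo_tooldir helper copies the host's own binaries so the example runs anywhere, which is exactly what you must not do on a box you suspect: populate the real tree from install media.

```shell
#!/bin/sh
# Added example, not from the original post. Layout: a hidden tree of
# known-good tools, PATH pinned to it, baseline + verify using only those
# tools. TOOLDIR and function names are assumptions of this example.
#
# Assumption: TOOLDIR holds cat, find, sha256sum, sort and awk taken from
# trusted install media, ideally statically linked so no shared library
# can be swapped in underneath them.
TOOLDIR="${TOOLDIR:-/var/lib/.ids/bin}"

# Restrict the checker to the trusted tool tree: nothing in /usr/bin is
# executed, and no preloaded library can wrap the tools we do run.
pin_env() {
    PATH="$TOOLDIR"; export PATH
    LC_ALL=C;        export LC_ALL              # deterministic sort order
    unset LD_PRELOAD LD_LIBRARY_PATH LD_AUDIT   # no library interposition
}

# Emit "<sha256>  <path>" for every regular file under $1, sorted by path.
# (Paths containing newlines are escaped by sha256sum and not handled here.)
snapshot() {
    find "$1" -type f -exec sha256sum {} + | sort -k2
}

# ids_baseline <dir> <baseline-file>: record the known-good state.
# Keep the baseline off-host or on read-only media; on the host it is just
# another file a root kit can rewrite to match its replacements.
ids_baseline() (
    pin_env
    snapshot "$1" > "$2"
)

# ids_verify <dir> <baseline-file>: print one ADDED/CHANGED/REMOVED line
# per difference and return 1; return 0 silently if the tree still matches.
# The baseline and the fresh snapshot are fed to one awk program through a
# sentinel line, so an empty baseline is handled correctly (all ADDED).
ids_verify() (
    pin_env
    diff_out=$(
        { cat "$2"; printf '%s\n' '--current--'; snapshot "$1"; } |
        awk '
            $0 == "--current--" { cur = 1; next }
            { h = substr($0, 1, 64); p = substr($0, 67) }   # "hash  path"
            !cur { old[p] = h; next }                      # baseline side
            !(p in old) { print "ADDED   " p; next }
            old[p] != h { print "CHANGED " p }
            { delete old[p] }                              # seen: not removed
            END { for (p in old) print "REMOVED " p }
        ' | sort
    )
    [ -z "$diff_out" ] && return 0
    printf '%s\n' "$diff_out"
    return 1
)

# Demo-only helper: build a throwaway tool tree from the host's own
# binaries so the example runs stand-alone. On a suspect host this is
# self-defeating; the real tree must come from trusted install media.
demo_tooldir() {   # demo_tooldir <dir>
    mkdir -p "$1" || return 1
    for t in cat find sha256sum sort awk; do
        cp -L "$(command -v "$t")" "$1/" || return 1
    done
}
```

Usage: `ids_baseline /usr/bin /media/ro/usr-bin.sha256` once from a known-good state, then `ids_verify /usr/bin /media/ro/usr-bin.sha256` from cron; a non-zero exit means something differs. The ldd point in the post can be layered on top by running the trusted tree's own loader check over each baseline binary and flagging any library outside the expected system directories. Note what this does and does not cover: it defeats replaced user-space utilities, but a kernel-level root kit that intercepts file reads can still hand any user-space checker the original bytes, so the baseline is only as trustworthy as the kernel it was taken under.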
gst-md5sum-0.8(1)                 User Commands                 gst-md5sum-0.8(1)

NAME
    gst-md5sum-0.8, gst-md5sum - get an md5sum of a GStreamer pipeline through md5sink

SYNOPSIS
    gst-md5sum-0.8 [--verbose] [gst-std-options] [partial-pipeline-description]

    gst-md5sum [--verbose] [gst-std-options] [partial-pipeline-description] [--gst-list-mm] [--gst-mm=string] [--print]

DESCRIPTION
    gst-md5sum-0.8 generates MD5 checksums of the data generated by a GStreamer pipeline. In theory, both of the following commands should print out the same checksum:

        gst-md5sum-0.8 filesrc location=music.mp3
        md5sum music.mp3

    If the pipeline contains an md5sink element, gst-md5sum-0.8 queries it for the md5sum at the end of pipeline iteration. If the pipeline does not contain an md5sink element, gst-md5sum-0.8 automatically connects an md5sink to the right-hand side of the given pipeline.

    See gst-launch(1) or the GStreamer documentation for more information on how to create a partial-pipeline-description.

    gst-md5sum is a wrapper script that runs the latest installed version of gst-md5sum-X.X. For example, if both gst-md5sum-0.7 and gst-md5sum-0.8 are installed on your system, gst-md5sum runs gst-md5sum-0.8.

OPTIONS
    The following options are supported by gst-md5sum-0.8 and gst-md5sum:

    --verbose
        Output verbose information. You can also use -v to specify this option.

    gst-std-options
        Standard options available for use with most GStreamer applications. See gst-std-options(5) for more information.

    The following options are supported by gst-md5sum only:

    --gst-list-mm
        List found major/minor versions. This option displays the versions that are available.

    --gst-mm=string
        Force major/minor version. This option enables you to specify a specific version to run, if you do not want to run the default version.

    --print
        Print wrapped command line. This option displays the command that will be run, and then runs the command.

OPERANDS
    The following operands are supported:

    partial-pipeline-description
        Partial pipeline description.

EXAMPLES
    Example 1: Running the Wrapper Script and Displaying the Command Name

        example% gst-md5sum --print
        /usr/bin/gst-md5sum-0.8

FILES
    The following files are used by this application:

    /usr/bin/gst-md5sum-0.8
        gst-md5sum-0.8 executable

    /usr/bin/gst-md5sum
        Wrapper script that runs the latest installed version of gst-md5sum-X.X

ATTRIBUTES
    See attributes(5) for descriptions of the following attributes:

    ATTRIBUTE TYPE          ATTRIBUTE VALUE
    Availability            SUNWgnome-media
    Interface stability     External

SEE ALSO
    gst-complete(1), gst-compprep(1), gst-feedback(1), gst-inspect(1), gst-launch(1), gst-launch-ext(1), gst-register(1), gst-thumbnail(1), gst-typefind(1), gst-xmlinspect(1), gst-xmllaunch(1), gstreamer-properties(1), libgstreamer-0.8(3), libgstgetbits(3), gst-std-options(5)

NOTES
    Original man page written by the GStreamer team at http://gstreamer.net/. Updated by Brian Cameron, Sun Microsystems Inc., 2004.

SunOS 5.10                        14 Oct 2004                   gst-md5sum-0.8(1)
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.