TRD Like Tool For Linux?


So I found that one of my VM hosts seems to have been compromised in some way; I've shut it down, isolated it, and found a few odd things like gibberish comments and odd hostnames that I don't recognise pointed back to 127.0.0.1 in /etc/hosts. I tried TRD and it seems mildly useful, but it has more of a Windows-y feel for what it wants to be able to fix. Does anyone know of something with more of a focus on Linux rootkit detection?
I could just rebuild this machine, but I'd like to know for sure what all was broken and how badly, so I can avoid it next time.

Thanks.

6 thoughts on - TRD Like Tool For Linux?

  • zep wrote:

    Don’t know TRD. Rootkits, though, we use rkhunter here.

    And hostnames pointed to 127.0.0.1… I have a ton of them. #1 on the list that points to that is, of course, doubleclick.com (and .net). It's a nice way to get rid of ads and speed up page loading… Check, for example,
    <http://someonewhocares.org/hosts/>

    mark, who remembers the good old days of usenet

  • Brute force sometimes works… If you have a backup from before the issue, restore it somewhere and diff -r (or maybe rsync -av --delete if it is remote) to find what changed.

  • I stand corrected; I was operating off memory, and thought I'd searched for and found it via that name. Understandable, since TRD is one vowel off from a very unfortunate product name that nobody would really want to be associated with.
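The restore-and-diff approach from the second comment, worked through as an added example (not code from any poster in this thread): a small POSIX sh function that inventories a known-good backup tree and the suspect tree, then reports files that were added, removed or modified. The `compare_trees` name and the tree layout are my own assumptions; it expects both trees to be mounted locally.

```shell
#!/bin/sh
# compare_trees BACKUP_DIR LIVE_DIR
# Prints one line per regular file that differs between a known-good backup
# tree and the live (suspect) tree: "added <path>", "removed <path>" or
# "modified <path>". Paths are relative to the tree roots and the output is
# sorted so it can be saved and compared again later. Symlinks are not
# followed, so a link pointing outside the tree is not treated as content.
compare_trees() {
    backup=$1
    live=$2
    tmp=$(mktemp -d) || return 1

    # Inventory of regular files in each tree, sorted the way comm(1) expects.
    (cd "$backup" && find . -type f | sed 's|^\./||' | LC_ALL=C sort) > "$tmp/backup.lst"
    (cd "$live"   && find . -type f | sed 's|^\./||' | LC_ALL=C sort) > "$tmp/live.lst"

    {
        # Only in the backup: deleted on the live host (logs, tools, configs).
        LC_ALL=C comm -23 "$tmp/backup.lst" "$tmp/live.lst" | sed 's/^/removed /'
        # Only on the live host: new files, the usual place to find implants.
        LC_ALL=C comm -13 "$tmp/backup.lst" "$tmp/live.lst" | sed 's/^/added /'
        # In both: compare contents byte for byte, e.g. a tampered /etc/hosts.
        LC_ALL=C comm -12 "$tmp/backup.lst" "$tmp/live.lst" | while IFS= read -r f; do
            cmp -s "$backup/$f" "$live/$f" || printf 'modified %s\n' "$f"
        done
    } | LC_ALL=C sort

    rm -rf "$tmp"
}
```

Run it against a copy of the suspect filesystem mounted from a clean system rather than on the running host itself, since a kernel-level rootkit can hide files from `find` and `cmp` just as easily as from `ls`.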