- 论坛徽章:
- 0
|
I advise that an entire system install be performed from read-only distribution media. If this is not feasible, all system binaries should be compared using a known good copy of md5 against the read-only distribution media. Since Rootkit installs Trojans programs with the exact checksum and timestamp as the legitimate version, these attributes cannot be used to find Trojan programs. However, cryptographic checksums are nearly impossible to spoof. Therefore, md5 from the read-only floppy described above can be trusted to compare installed programs against the distribution media or known correct checksums. Appendix B of CIAC bulletin E-12 contains an extensive list of cryptographic checksums for various SunOS versions. Please refer to this bulletin for further details. The "live filesystem" CD-ROMs that are popular with Linux distributions may also be used.
http://www.cs.wright.edu/~pmatet ... ication/obrien.html
网上搜的。说最好重装,不想重装就比较md5 |
|
免费注册
楼主: seskissinger
发表于 2007-11-23 16:15
