HPE Community
Operating System - HP-UX
1833568 Members
4271 Online
110061 Solutions
New Discussion

rootkits

 
SOLVED
Go to solution
Tommy Brown
Respected Contributor

‎08-15-2006 02:05 AM

‎08-15-2006 02:05 AM

rootkits

Our security admin asked me if there was any HPUX programs/security tools to detect/protect us from rootkits. I have not seen anything regarding this in the forums. I subscribe to the HP security lists and have not seen anything there either. Is this a legitimate concern or paranoia. I do not want to miss any thing pertinent.
Thanks
Tommy
I may be slow, but I get there !
0 Kudos
6 REPLIES 6
spex
Honored Contributor

‎08-15-2006 02:23 AM

‎08-15-2006 02:23 AM

Re: rootkits

Hi Tommy,

Snort offers lightweight network intrusion detection. The HP-UX port is available here:

http://hpux.connect.org.uk/hppd/hpux/Networking/Admin/snort-2.4.5/

PCS
0 Kudos
Peter Godron
Honored Contributor

‎08-15-2006 02:27 AM

‎08-15-2006 02:27 AM

Re: rootkits

Tommy,
in my opinion not a real concern.

On a PC you may install downloaded software, relying on virus check etc. However on HPUX you tend to only installed software from reputable sources. If you want to you could create a list of executable to be 'protected' and generate checksums, which you could compare on a regular basis.

Keep your root account safe and with the right file protection there should be no cause for alarm.
0 Kudos
Tim Nelson
Honored Contributor

‎08-15-2006 02:33 AM

‎08-15-2006 02:33 AM

Re: rootkits

I believe the HP IDS9000 does some of this. Marks and monitors for changes in listed files.


Freely included with your OS distribution.

0 Kudos
Robert Fritz
Regular Advisor

‎08-16-2006 12:22 AM

‎08-16-2006 12:22 AM

Re: rootkits

There's also tripwire for monitoring file checksums.

Note that when an OS is compromised with unknown-origin software... there's really nothing you can do to be sure you can detect the effects, if the installer was root/admin. On the PC, the rootkit "detectors" just detect known signatures. That's fine until the next one, or until someone builds one just for you. I was at blackhat, and there was an announced "undetectable" rootkit for Vista...

So in short on the PC Mac, Linux, and HP-UX... don't install from untrusted sources... regardless of what the "rootkit detector" vendors claim.

Those Who Would Sacrifice Liberty for Security Deserve Neither." - Benjamin Franklin
0 Kudos
Steven E. Protter
Exalted Contributor

‎08-16-2006 01:17 AM

‎08-16-2006 01:17 AM

Solution

Re: rootkits

Shalom Tommy,

Yes, there is a rootkit protection kit as part of Internet Express.

Inerenet Express is offered by http://software.hp.com for 11iv1 and 11iv2

Just search for Internet Express and you will see the rootkit protection among the 69 components of Internet Express.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Tommy Brown
Respected Contributor

‎08-18-2006 05:09 AM

‎08-18-2006 05:09 AM

Re: rootkits

Thanks All,
I hope to download and test out Stephen's solution when I get a chance.
I may be slow, but I get there !
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.