
Linux

Forensic Analysis of a Live Linux System, Part Two

posted on April 13, 2004
by hitbsecnews

Last month, in the first part of this article series, we discussed some of the preparation and steps that must be taken when analyzing a live Linux system that has been compromised. Now we'll continue our analysis by looking for malicious code on the running system, and then discuss some of the searches that can be done with the data once it has been transferred to our remote host.
Note:

Man goes ballistic, says Linux is a security threat

posted on April 12, 2004
by hitbsecnews

A storm has erupted in the embedded community, with real-time operating systems house Green Hills charging that Linux is fundamentally insecure and wide open to security breaches by "foreign intelligence agencies and terrorists."

The explosive charges were made in a speech delivered Thursday (April 8) at the Net-Centric Operations Industry Forum in McLean, Va., by Green Hills chief executive officer Dan O'Dowd.

Linux Vendors Question Forrester Security Report

posted on April 11, 2004
by hitbsecnews

Four Linux distributors, including Red Hat and SuSE, took issue this week with a recent report by Forrester Research that compared the security of Linux and Windows.

Last week, Forrester senior analyst Laura Koetzle released her year-long study of published security vulnerabilities and their fixes during the time span from June 1, 2002 to May 31, 2003.

Networking improvements in the 2.6 kernel

posted on April 8, 2004
by hitbsecnews

The new Linux 2.6 kernel offers many improvements over the 2.4 version. One area of technical advancement is in the kernel networking options. Although there are enhancements in most of the files associated with the networking options, this article focuses on major feature improvements and additions that affect entire sections rather than on specific files.

Product Profile: Mandrakelinux 10.0 Community

posted on April 4, 2004
by hitbsecnews

The fact that Mandrake 10.0 is coded with Linux kernel 2.6 means the number of unique users it can handle has increased from 65,000 to over 4 billion, with 1 billion concurrent processes on a single system. It also means it is more secure. In short, it is better equipped than the previous Mandrake distro to take a lead role in the data center. No one can claim that Linux vendor Mandrake is not true to the spirit of open source.

Forrester questions Linux security

posted on April 3, 2004
by hitbsecnews

A new study from Forrester Research has concluded that the Linux operating system is not necessarily more secure than Windows. The report, "Is Linux more secure than Windows?", finds that on average, Linux distributors took longer than Microsoft to patch security holes, although Microsoft flaws tended to be more severe.

But leading Linux vendor Red Hat said that while Forrester's underlying figures were sound, its conclusions didn't give an accurate idea of relative security, as they failed to distinguish between patch times for critical updates and routine, obscure problems.

Corel to test WordPerfect for Linux

posted on April 2, 2004
by hitbsecnews

Corel plans to test the waters later this month for a Linux version of its WordPerfect productivity software.

A Corel representative said the company's online store will begin selling a "proof-of-concept" Linux-native version of WordPerfect on April 15. "This pilot project is designed to determine the feasibility of developing future Linux versions of WordPerfect or WordPerfect Office," the representative said.

EmPOWERing the Linux developer

posted on April 2, 2004
by hitbsecnews

Recognized as a high-performance, reliable, and serviceable enterprise platform, the 64-bit POWER™ architecture offers new choices to UNIX and Linux application developers. Anyone with a background in either AIX or Linux on other platforms can benefit from the strength of the open source community combined with the POWER of world-class IBM hardware.