X-Git-Url: http://ftp.carnet.hr/carnet-debian/scm?a=blobdiff_plain;f=src%2Frootcheck%2Fdb%2Frootkit_trojans.txt;h=523770ccec215aea1f98dd1619ddb83e3e77833f;hb=7ff47fde062004336c7d4487daa70dc6e6ef81c8;hp=d133e168b972b62541d628efa281ae456b6ee13d;hpb=914feba5d54f979cd5d7e69c349c3d01f630042a;p=ossec-hids.git
diff --git a/src/rootcheck/db/rootkit_trojans.txt b/src/rootcheck/db/rootkit_trojans.txt
index d133e16..523770c 100755
--- a/src/rootcheck/db/rootkit_trojans.txt
+++ b/src/rootcheck/db/rootkit_trojans.txt
@@ -1,4 +1,5 @@
-# @(#) $Id: rootkit_trojans.txt,v 1.20 2009/06/03 19:18:32 dcid Exp $
+# @(#) $Id: ./src/rootcheck/db/rootkit_trojans.txt, 2012/04/26 dcid Exp $
+
 #
 # rootkit_trojans.txt, (C) Daniel B. Cid
 # Imported from the rootcheck project.
@@ -22,16 +23,16 @@ bash !proc\.h|/dev/[0-9]|/dev/[hijkz]!
 sh !proc\.h|/dev/[0-9]|/dev/[hijkz]!
 uname !bash|^/bin/sh|file\.h|proc\.h|^/bin/.*sh!
 date !bash|^/bin/sh|file\.h|proc\.h|/dev/[^cln]|^/bin/.*sh!
-du !/dev|w0rm|/prof|file\.h!
+du !w0rm|/prof|file\.h!
 df !bash|^/bin/sh|file\.h|proc\.h|/dev/[^clurdv]|^/bin/.*sh!
-login !bash|elite|SucKIT|xlogin|vejeta|porcao|lets_log|sukasuk!
+login !elite|SucKIT|xlogin|vejeta|porcao|lets_log|sukasuk!
 passwd !bash|file\.h|proc\.h|/dev/ttyo|/dev/[A-Z]|/dev/[b-s,uvxz]!
 mingetty !bash|Dimensioni|pacchetto!
 chfn !bash|file\.h|proc\.h|/dev/ttyo|/dev/[A-Z]|/dev/[a-s,uvxz]!
 chsh !bash|file\.h|proc\.h|/dev/ttyo|/dev/[A-Z]|/dev/[a-s,uvxz]!
 mail !bash|file\.h|proc\.h|/dev/[^nu]!
-su !bash|/dev/[d-s,abuvxz]|/dev/[A-D]|/dev/[F-Z]|/dev/[0-9]|satori|vejeta|conf\.inv!
-sudo !bash|satori|vejeta|conf\.inv!
+su !/dev/[d-s,abuvxz]|/dev/[A-D]|/dev/[F-Z]|/dev/[0-9]|satori|vejeta|conf\.inv!
+sudo !satori|vejeta|conf\.inv!
 crond !/dev/[^nt]|bash!
 gpm !bash|mingetty!
 ifconfig !bash|^/bin/sh|/dev/tux|session.null|/dev/[^cludisopt]!
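Review bot: The relaxed entries for `du`, `login`, `su` and `sudo` in the second hunk carry no record of why the `bash` and `/dev` strings were dropped; the file's header comment is the only documentation near them. Presumably those strings matched legitimate builds of these binaries and produced false positives, but that reasoning is not stated anywhere in the file. A one-line comment above the `du` entry such as `# bash and /dev dropped from du/login/su/sudo: matched legitimate binaries (false positives)` would keep the rationale next to the data. Since loosening a trojan signature also narrows what rootcheck can flag on those binaries, recording that trade-off in the file makes the next tuning pass easier to review.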
@@ -68,7 +69,7 @@ xinetd !bash|file\.h|proc\.h!
 in.telnetd !cterm100|vt350|VT100|ansi-term|bash|^/bin/sh|/dev[A-R]|/dev/[a-z]/!
 in.fingerd !bash|^/bin/sh|cterm100|/dev/!
 identd !bash|^/bin/sh|file\.h|proc\.h|/dev/[^n]|^/bin/.*sh!
-init !bash|/dev/h|HOME!
+init !bash|/dev/h
 tcpd !bash|proc\.h|p1r0c4|hack|/dev/[^n]!
 rlogin !p1r0c4|r00t|bash|/dev/[^nt]!
@@ -80,8 +81,6 @@ kill !/dev/[ab,d-k,m-z]|/dev/[F-Z]|/dev/[A-D]|/dev/[0-9]|proc\.h|bash|tmp!
 # Rootkit entries
-/sbin/init !HOME! Suckit rootkit
-/proc/1/maps !init.! Suckit rootkit
 /etc/rc.d/rc.sysinit !enyelkmHIDE! enye-sec Rootkit
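Review bot: The new `init` line drops the trailing `!` that closes the pattern in every other entry of the file (`+init !bash|/dev/h`), so it no longer follows the `file !pattern! description` form used throughout. Whether the rootcheck parser tolerates a missing closing delimiter cannot be confirmed from this hunk; if it locates the pattern by its second `!`, this entry could be mis-read or skipped entirely rather than merely relaxed. The line should read `init !bash|/dev/h!`. Dropping `HOME` here is consistent with the removal of the Suckit `/sbin/init !HOME!` entry in the following hunk and looks intentional, but the lost delimiter reads as a typo introduced during that edit.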