path: root/other/adore-ng/FEATURES
blob: 1e88216b92fd7df18684c93ec3a9b45aa4d5d657 (plain)

If you have never used adore before, here's a list of supported
things:

 o runs on kernel 2.4.x UP and SMP systems
 o first test-versions successfully run on 2.6.0
 o file and directory hiding
 o process hiding
 o socket-hiding (no matter whether LISTENing, CONNECTED etc)
 o full-capability back door
 o does not utilize sys_call_table but VFS layer
 o KISS principle, to have as few things in there as possible
   while still being as powerful as possible

new with adore-ng 0.30:

 o syslog filtering: logs generated by hidden processes never appear
   on the syslog UNIX socket anymore
 o wtmp/utmp/lastlog filtering: xtmp entries written by hidden processes
   do not appear in the file, unless you force it by using a special hidden
   AND authenticated process (an sshd back door is usually only hidden, thus
   xtmp entries written by sshd don't make it to disk)
 o (optional) relinking of LKMs as described in phrack #61 aka LKM infection
   so that the module can be automatically reloaded after reboots

The build and installation process is usually as easy as
'./configure && make && ./startadore' and/or
'./configure && make && ./relink' so you can set up your honey-pot
test-environment very easily.
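
For the process hiding listed above, a defender's cross-view check for such a test environment, added here as an example and not part of adore-ng or its documentation: it compares the PIDs returned by a /proc directory listing with the PIDs that answer a kill(pid, 0) probe. It assumes the hiding filters only the /proc listing at the VFS layer and leaves hidden PIDs signalable; the function names and the 32768 PID ceiling are illustrative.

```python
import os

def listed_pids(proc="/proc"):
    """PIDs visible in a directory listing of /proc (the view a VFS-level filter alters)."""
    return {int(name) for name in os.listdir(proc) if name.isdigit()}

def pid_exists(pid):
    """Probe with signal 0: nothing is delivered, the kernel only checks the target."""
    try:
        os.kill(pid, 0)
    except ProcessLookupError:   # ESRCH: no such process
        return False
    except PermissionError:      # EPERM: exists, but owned by another user
        pass
    return True

def is_thread(pid, proc="/proc"):
    """True if /proc/<pid>/status names another thread-group leader (Tgid).
    Thread IDs answer kill() but are never in the top-level /proc listing."""
    try:
        with open(os.path.join(proc, str(pid), "status")) as f:
            for line in f:
                if line.startswith("Tgid:"):
                    return int(line.split()[1]) != pid
    except (OSError, ValueError, IndexError):
        pass
    return False

def hidden_candidates(listed, probed, proc="/proc"):
    """PIDs that answer a probe, are missing from the listing and are not plain threads."""
    return sorted(p for p in set(probed) - set(listed) if not is_thread(p, proc))

def scan(max_pid=32768, proc="/proc"):
    """Cross-view scan; max_pid is an assumed ceiling (see /proc/sys/kernel/pid_max)."""
    before = listed_pids(proc)
    probed = {p for p in range(1, max_pid + 1) if pid_exists(p)}
    after = listed_pids(proc)
    # Listing before and after the probe, plus a second probe, filters out
    # processes that merely started or exited while the scan was running.
    return [p for p in hidden_candidates(before | after, probed, proc) if pid_exists(p)]

if __name__ == "__main__":
    for pid in scan():
        print(f"PID {pid} answers kill(pid, 0) but is missing from the /proc listing")
```

A reported PID is a lead to investigate from trusted media, not proof: a kernel-level filter can also alter what the probes themselves return.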