Date: Mon, 5 Feb 2001 14:24:47 -0500 (EST)
From: William Stearns <wstearns@pobox.com>
To: Matt Fearnow <matt@sans.org>, Lara Moncrief <Laragiac@aol.com>,
Subject: Ramenfind Ramen detection and removal tool, V0.3

Good day, all,
	Attached is the latest version of the Ramenfind detection and
removal tool.  Unless problems show up, this should be the final release
of this tool.
	The goals of the tool are:

        - It should be a shell script so it can be run from a single
          floppy Linux if the user chooses.
        - It should use standard utilities on a Red Hat Linux system.
        - It should allow for either detection or detection and removal of
          the worm.  By default, it should only detect and perform no action.
        - It should run as a non-root user, invoking sudo as necessary.
        - The user should be given the chance to confirm each command
          before it is run.
        - The script should provide an option to archive the ramen files
          for later analysis.
        - It should check for needed support utilities.

	Changes from version 0.2:

        - If any utilities are missing, allow the user to abort or
          continue.
        - Handle leftover "tail" commands.
        - Remove "ftp" and "anonymous" from /etc/ftpusers.
        - Use Perl if nc is not available (many thanks to Justin Mason
          for the Perl code and technical assistance).
        - Automatic RPM upgrade had a quoting case that didn't work;
          fixed.

	This, and any future versions of this script, will soon be
available at the following URLs:

http://www.sans.org/y2k/ramen.htm
http://www.ists.dartmouth.edu/IRIA/knowledge_base/tools/ramenfind.html
http://www.linuxlock.org/features/ramenfix.html

	Many thanks to all who have contributed to this tool.  If you have
problems, suggestions, or requests, please contact me at:
William Stearns <wstearns@pobox.com>

	MD5sums for this tool:
dc081eeb132031663e565aefb592508b  ramenfind.v0.3
6e86aeec1678f9955176db9aa9d73f7d  ramenfind.v0.3.gz

	Cheers,
	- Bill

---------------------------------------------------------------------------
	"As a computer I find your faith in technology amusing."
(Courtesy of Gerhard Mack <gmack@imag.net>)
--------------------------------------------------------------------------
William Stearns (wstearns@pobox.com).  Mason, Buildkernel, named2hosts,
and ipfwadm2ipchains are at:                http://www.pobox.com/~wstearns
LinuxMonth; articles for Linux Enthusiasts! http://www.linuxmonth.com
--------------------------------------------------------------------------