[Am-info] chk root kits
Glenn T. Livezey, Ph.D.
glivezey@mail.ahc.umn.edu
Wed, 21 Nov 2001 13:04:18 -0600
Owing to the coming long weekend, increasing hack attacks and some
recent and mysterious (to me) hang-ups on my IBM ICS for OS/2 web
server, I am looking for any tools that would help me troubleshoot
vulnerabilities on an OS/2 server and OS/2 webserver.

RE: IBM ICS for OS/2 webserver, my website simply becomes inaccessible,
though when I go to the server and look at the screen, the open web
server app indicates "server is ready", and there are no entries in
either the httpd-log (access log) or httpd-error (error log) to point
to some request or command that has put my site 'out of reach'.
Simply resetting/restarting the server doesn't fix it; I have to shut
it down and start it up again.

A recent exploit where it would actually shut down the webserver was
fixed by a complete re-install - but who wants to do that more than
once?

I can find no directory/file dates indicating new or recent changes
that I can't otherwise explain as normal or intentional changes on my
part.

Are there any OS/2 tools out there to help this amateur RTFM-only-
when-I-need-to-know 'sysop' protect himself and his neighbors?

A recent mailing referred to chkrootkits, tools to locate rootkits,
worms and other invaders that have set up outposts in stealth mode
on other people's machines. But I see no reference to indicate if
any of these will run on OS/2.

Also, a friend recently had his IRIX box commandeered by a buffer
overflow exploit - anything designed to protect/check an SGI machine
would also be of use here.

Any and all help would be appreciated.

Thanks

Glenn
--
Glenn T. Livezey, Ph.D.
University of Minnesota
Neuroscience Department
Room 6-145 Jackson Hall
321 Church St. S.E.
Minneapolis, MN 55455
(612) 624-2991 FAX 6-5009
glivezey@lenti.med.umn.edu
livezey@bigfoot.com