• 1 reply
  • Latest Post - ‏2013-08-10T04:55:29Z by Jeff Saxton
4 Posts

Pinned topic Linux/Cdorked.A analysis

‏2013-04-29T21:34:16Z |

I was about to start looking at creating an analysis to detect this, but from what I can see, it looks like I am going to have to create a fixlet to execute and then retrieve the contents. This link has information on the detection:

I see that in the doc it suggests the following two items that I could check for.

1. grep -r open_tty /usr/local/apache/

2. chattr -ai /usr/local/apache/bin/httpd

The first one is not an issue, but I cannot seem to find a method to get the second.

There is also a python script that can be executed (can be found at:, but i was trying to avoid running scripts.



  • Jeff Saxton
    Jeff Saxton
    21 Posts

    Re: Linux/Cdorked.A analysis


    At the current time you are stuck executing a script for #2 as there is currently no actionscript equivalent od the chattr command.