running vs. installed kernel (was: rootkit not found by rkhunter)
On Mon, 05 Oct 2009, dann frazier wrote:
> On Sun, Oct 04, 2009 at 12:16:14PM -0400, Michael S Gilbert wrote:
> > On Sun, 4 Oct 2009 11:44:52 -0400 Thomas Krichel wrote:
> > > It looks like the affected machines run older kernels, so
> > > I will follow your advice and upgrade.
> > i forgot to mention that 'uname -r' won't actually tell you whether you
> > are running the most up-to-date debian kernel. to do that, look at the
> > output of 'dpkg -l | grep linux-image-$(uname -r)'.
> cat /proc/version is nice because it is the running kernel, and
> includes the package version.
might be useful for some.
I don't claim it works in all the cases, or finds every weird
combination out there, but it seems to do a pretty good job of helping
us not forget to reboot systems.
I'm sure the interested parties can butcher it for parts if they don't
want all it does (i.e. maybe not everyone wants the get_avail magic).
| .''`. ** Debian GNU/Linux **
Peter Palfrader | : :' : The universal
http://www.palfrader.org/ | `. `' Operating System
| `- http://www.debian.org/