RE: what is means ? + rootkits..
> How to protect against rootkis ?
Keep your system up to date, do not run unrelaibale software, do not give accounts to people you do not trust.
> Is it some kind of trojan
> wich working
> with root priviledges ?
Basically, yes. It is typically a "kit" you drop on the system via a remote root exploit, which replaces binaries, and tries to mask itself.
> Why some people says that eg. tripwire doesn't discover it ?
Then they dont know what they are saying, i would say that Tripwire / AIDE / such will be 100% efficient in detecting kits _PROVIDING_ that your database is current, and is stored in a tamper-proof location... and ofcource you actually use and update teh IDS database.
--
To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: