[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: rootkit not found by rkhunter

* Noah Meyerhans:

> AFAIK, the best way to know if you're running a stale kernel is to
> compare the uptime of the machine against the mtime of the actual kernel
> (using, e.g. "stat /boot/vmlinuz-2.6.26-2-686").  If the uptime of the
> machine places the last reboot sometime before the kernel was updated,
> you're not up to date.  If there's a better way to test this, I'd love
> to know about it.

What about /proc/version?  If the version stored in it is incorrect,
we should really fix that.

Reply to: