Re: rootkit not found by rkhunter
Hi,
Mark van Walraven <markv@netvalue.net.nz> wrote:
>> AFAIK, the best way to know if you're running a stale kernel is to
>> compare the uptime of the machine against the mtime of the actual kernel
>> (using, e.g. "stat /boot/vmlinuz-2.6.26-2-686"). If the uptime of the
>> machine places the last reboot sometime before the kernel was updated,
>> you're not up to date. If there's a better way to test this, I'd love
>> to know about it.
>
> Comparing the outputs of:
>
> sed -n 's/[^(]*(Debian \([^)]*\)).*/\1/p' /proc/version
>
> and:
>
> dpkg -s $(dpkg -S $(readlink /vmlinuz) | cut -d: -f1) |
> awk '/^Version: / {print $2}'
>
> has worked well for me - thanks to the kernel team for including the
> version and revision!
Does someone know if rkhunter has such a check?
Bye, Jörg.
--
Our doubts are traitors, and often enough we forfeit the possible
gain because we do not dare to make the attempt.
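
The comparison discussed in this thread, as an added shell example that is not part of any poster's message: it wraps the quoted `sed` expression and `dpkg` pipeline in functions and reports whether the running kernel matches the installed package. The function names, the sample lines and the second `/proc/version` layout (`#1 ... Debian <version> (`) are assumptions of this example.

```shell
#!/bin/sh
# Added example: compare the Debian revision of the running kernel with the
# version of the installed kernel package to spot a pending reboot.

# Constructed sample lines (not captured from a real host).
SAMPLE_OLD='Linux version 2.6.26-2-686 (Debian 2.6.26-19lenny2) (build@example.org) (gcc version 4.1.3) #1 SMP Wed Nov 4 20:45:37 UTC 2009'
SAMPLE_NEW='Linux version 6.1.0-18-amd64 (build@example.org) (gcc-12 (Debian 12.2.0-14) 12.2.0) #1 SMP PREEMPT_DYNAMIC Debian 6.1.76-1 (2024-02-01)'

# Print the Debian package version embedded in a /proc/version line ($1).
running_debian_version() {
    # Assumed later layout: "... #1 SMP Debian 6.1.76-1 (2024-02-01)".
    v=$(printf '%s\n' "$1" |
        sed -n 's/.*#[0-9][0-9]* .*Debian \([^ ]*\) (.*/\1/p')
    # Layout the thread's sed targets: "... (Debian 2.6.26-19lenny2) ...".
    [ -n "$v" ] || v=$(printf '%s\n' "$1" |
        sed -n 's/[^(]*(Debian \([^)]*\)).*/\1/p')
    [ -n "$v" ] && printf '%s\n' "$v"
}

# Version of the package owning the kernel /vmlinuz points to (thread's pipeline).
installed_kernel_version() {
    pkg=$(dpkg -S "$(readlink /vmlinuz)" | cut -d: -f1)
    [ -n "$pkg" ] || return 1
    dpkg -s "$pkg" | awk '/^Version: / {print $2}'
}

# Print current|stale|unknown. $1 = /proc/version text, $2 = installed version.
kernel_status() {
    [ -n "$2" ] || { echo unknown; return 2; }
    running=$(running_debian_version "$1") || { echo unknown; return 2; }
    if [ "$running" = "$2" ]; then echo current; else echo stale; return 1; fi
}

# Check the local host only when asked (--check); otherwise show the samples.
if [ "${1:-}" = "--check" ]; then
    kernel_status "$(cat /proc/version)" "$(installed_kernel_version)"
else
    kernel_status "$SAMPLE_OLD" "2.6.26-19lenny3" || true  # newer package installed
    kernel_status "$SAMPLE_NEW" "6.1.76-1"
fi
```

Both values are reported by the host being checked, so this flags a missed reboot; it does not show that the running kernel is untampered.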