Re: What is the best free HIDS for Debian

To: debian-security@lists.debian.org
Subject: Re: What is the best free HIDS for Debian
From: Michael Lazin <microlaser@gmail.com>
Date: Sun, 8 May 2022 18:26:51 -0400
Message-id: <[🔎] CALdcr8dyg8uGCzfpFCrOEb8d8+38y8Cu3F+5MdY8oQPAARZSiw@mail.gmail.com>
In-reply-to: <[🔎] baf40c33ad6fdd6ba4e24ee09fee972b@elstel.org>
References: <[🔎] 62701ec7$0$18715$426a34cc@news.free.fr> <[🔎] 627260e6$0$24819$426a74cc@news.free.fr> <[🔎] 7848bfca-3955-dd96-3aff-f454d1e28315@elstel.org> <[🔎] 42898050-0dea-3cfb-3462-0a58452182e5@elstel.org> <Ek6Yh-dEgS-3@gated-at.bofh.it> <[🔎] 6277d936$0$22287$426a74cc@news.free.fr> <[🔎] CALdcr8d8tq49E2+UE1khcb5YKKJP+FWTiLtnObQ7L5+afFJwxg@mail.gmail.com> <[🔎] 3269f6ada90bb33d1a672932ff4afc82@elstel.org> <[🔎] baf40c33ad6fdd6ba4e24ee09fee972b@elstel.org>

Rkhunter does find patterns of known rootkits but it also finds indicators like memory anomalies like I mentioned and it logs each file change from the install, this is why ideally you should install it in a fresh system. Thanks.

Michael Lazin

On Sun, May 8, 2022 at 3:45 PM <estellnb@elstel.org> wrote:

Am 08.05.2022 20:43, schrieb estellnb@elstel.org:
> P.S.: A memory only rootkit would still need a hook to reinstall on a
> fresh boot.

Yes I know it is an issue. Debcheckroot does f.i. not check you
initrd. To fix this issue I would need to program an own piece of
software like debcheckinitrd. Anyone who wants to support me can do
this: https://www.elstel.org/Contact.html. I am a free developer and I
do not get paid for my open source related work.

Michael Lazin

.. τὸ γὰρ αὐτὸ νοεῖν ἐστίν τε καὶ εἶναι.

Reply to:

Follow-Ups:
- Re: What is the best free HIDS for Debian
  - From: Tomasz Ciolek <tmc@vandradlabs.com.au>

References:
- What is the best free HIDS for Debian
  - From: Sylvain <ssecherre@free.fr>
- Re: What is the best free HIDS for Debian
  - From: Sylvain <ssecherre@free.fr>
- Re: What is the best free HIDS for Debian
  - From: Elmar Stellnberger <estellnb@elstel.org>
- Re: What is the best free HIDS for Debian
  - From: Elmar Stellnberger <estellnb@elstel.org>
- Re: What is the best free HIDS for Debian
  - From: Sylvain <ssecherre@free.fr>
- Re: What is the best free HIDS for Debian
  - From: Michael Lazin <microlaser@gmail.com>
- Re: What is the best free HIDS for Debian
  - From: estellnb@elstel.org
- Re: What is the best free HIDS for Debian
  - From: estellnb@elstel.org

Prev by Date: Re: What is the best free HIDS for Debian
Next by Date: Re: What is the best free HIDS for Debian
Previous by thread: Re: What is the best free HIDS for Debian
Next by thread: Re: What is the best free HIDS for Debian
Index(es):
- Date
- Thread