Hi All

I have been following this discussion with some interest. I have a few questions, which all go to:

1. What behaviour leads the system owner/manager to believe that there is a security issue at play here?
2. How old is the system in question?
3. Have there been manual tool installs done on the system?
4. Has the system been fully updated/upgraded?
5. Have we eliminated other causes of file mismatch - bad/incomplete updates, corrupted HDD, bad RAM, user error?
6. Finally - does the debcheckroot tool look at the security distribution archive as well as the main Debian archive? There are times where packages are updated in the security archive, but not reflected in mainline.

Cheers
Tomasz

On Sun, May 08, 2022 at 06:26:51PM -0400, Michael Lazin wrote:
> Rkhunter does find patterns of known rootkits but it also finds indicators
> like memory anomalies like I mentioned and it logs each file change from
> the install, this is why ideally you should install it in a fresh system.
> Thanks.
>
> Michael Lazin
>
> On Sun, May 8, 2022 at 3:45 PM <estellnb@elstel.org> wrote:
>
> > On 08.05.2022 20:43, estellnb@elstel.org wrote:
> > > P.S.: A memory only rootkit would still need a hook to reinstall on a
> > > fresh boot.
> >
> > Yes I know it is an issue. Debcheckroot does f.i. not check your
> > initrd. To fix this issue I would need to program my own piece of
> > software like debcheckinitrd. Anyone who wants to support me can do
> > this: https://www.elstel.org/Contact.html. I am a free developer and I
> > do not get paid for my open source related work.
>
> --
> Michael Lazin
>
> .. τὸ γὰρ αὐτὸ νοεῖν ἐστίν τε καὶ εἶναι.

--
Tomasz M. Ciolek
tmc at vandradlabs dot com dot au
GPG Key ID: 0x830AD092288EF017
GPG Key Fingerprint: 07DF B95B DB58 57B6 9656 682E 830A D092 288E F017
Key available on good key-servers
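The kind of file-mismatch check the questions above turn on, as an added example (not debcheckroot's or rkhunter's own code): it parses a dpkg-style `.md5sums` manifest, compares the files under a root against it, and reports each as ok, mismatch or missing. The sample root and manifest are constructed in a temporary directory; the verdict is only evidence of change, which is why questions 5 and 6 matter before reading a mismatch as a security issue.

```python
import hashlib
import os
import tempfile

def parse_md5sums(text):
    """Parse dpkg manifest lines of the form '<md5hex>  <path relative to />'
    (real ones live in /var/lib/dpkg/info/<package>.md5sums)."""
    manifest = {}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        digest, _, path = line.partition("  ")
        manifest[path] = digest.lower()
    return manifest

def md5_of(path):
    h = hashlib.md5()  # md5 because that is what dpkg manifests carry
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def verify_tree(root, manifest):
    """Compare files under `root` against `manifest`; return {path: status}.
    A 'mismatch' means the installed file differs from the manifest's version:
    tampering, a bad update, disk/RAM corruption, or a newer package from the
    security archive that this manifest predates are all possible causes."""
    result = {}
    for rel, expected in manifest.items():
        full = os.path.join(root, rel)
        if not os.path.isfile(full):
            result[rel] = "missing"
        elif md5_of(full) != expected:
            result[rel] = "mismatch"
        else:
            result[rel] = "ok"
    return result

def build_sample_root():
    """Constructed sample: three files recorded in a manifest, then one altered
    and one deleted after 'install'. Returns (root_dir, manifest_text)."""
    root = tempfile.mkdtemp(prefix="debcheck-sample-")
    files = {"bin/ls": b"original ls\n", "bin/ps": b"original ps\n",
             "etc/os-release": b"ID=debian\n"}
    lines = []
    for rel, data in files.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as f:
            f.write(data)
        lines.append(f"{hashlib.md5(data).hexdigest()}  {rel}")
    with open(os.path.join(root, "bin/ps"), "wb") as f:
        f.write(b"changed ps\n")          # simulated post-install change
    os.remove(os.path.join(root, "etc/os-release"))  # simulated deletion
    return root, "\n".join(lines) + "\n"
```

Run against a real system by pointing `verify_tree("/", ...)` at a manifest read from `/var/lib/dpkg/info/`, keeping in mind that the manifest must correspond to the package version actually installed.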