Re: check for root kit

On Wed, 17 Apr 2002 15:02:02 +1000
tom_massey@dingoblue.net.au (Tom Massey) wrote:
> ...
> $ apt-cache show chkrootkit
> ...

That's a scary tool, if I ever saw one. I have it running once a day,
and it almost always reports a possible LKM "infection". Sometimes it
detects 1 process hidden from ps, sometimes 3 processes, sometimes none.
I'm reasonably sure the machine is not compromised; I think the tool is
just a bit too zealous.

I keep it installed because it does all sorts of checks for other types
of compromises.

Carlos Sousa
