Re: chkrootkit and rkhunter are too old ?

To: debian-user@lists.debian.org
Subject: Re: chkrootkit and rkhunter are too old ?
From: Sven Hoexter <sven@timegate.de>
Date: Tue, 10 Jul 2007 22:13:15 +0200
Message-id: <[🔎] 20070710201315.GB5290@sven.home.hoaxter.de>
Mail-followup-to: debian-user@lists.debian.org
In-reply-to: <[🔎] f706ic$hlb$1@sea.gmane.org>
References: <[🔎] f706ic$hlb$1@sea.gmane.org>

On Tue, Jul 10, 2007 at 02:54:04PM +0000, KLEIN Stéphane wrote:
> Hello,
> 
> I look for root kit checker. I found this tools :
> 
> * chkrootkit (http://www.chkrootkit.org/)
> * rkhunter (http://rkhunter.sourceforge.net/)
> 
> chkrootkit last version date from 30/09/2006 (1.2.9) and rkhunter date 
> from 10/10/2006. This tools are near two year old. There aren't new 
> rootkit since this date ? if yes, there aren't other tools to check my 
> box ?
Well sometimes upstream development stops for some reason. To be honest
those tools hat a lot of false-positives over the years whenever some
kernel based process changed its name and other things like that.
 
> Else, what can I use to test integrity of my system ?
apt-get install aide, tripwire or one of the similar tools and learn how
to use them.

Cheers,
Sven
-- 
If you won't forgive me the rest of my life
Let me apologize while I'm still alive
I know it's time to face all of my past mistakes
  [Less than Jake - Rest Of My Life]

Reply to:

Follow-Ups:
- Re: chkrootkit and rkhunter are too old ?
  - From: Edward Pasek <edward.pasek@carspotpro.com>
- Re: chkrootkit and rkhunter are too old ?
  - From: David Brodbeck <brodbd@u.washington.edu>

References:
- chkrootkit and rkhunter are too old ?
  - From: KLEIN Stéphane <stephane@is-webdesign.com>

Prev by Date: Re: aptitude hanging
Next by Date: Re: Bind9 can't start
Previous by thread: chkrootkit and rkhunter are too old ?
Next by thread: Re: chkrootkit and rkhunter are too old ?
Index(es):
- Date
- Thread