
Re: chkrootkit and rkhunter are too old ?



On Tue, 2007-07-10 at 22:13 +0200, Sven Hoexter wrote:
> On Tue, Jul 10, 2007 at 02:54:04PM +0000, KLEIN Stéphane wrote:
> > Hello,
> > 
> > I am looking for a rootkit checker. I found these tools:
> > 
> > * chkrootkit (http://www.chkrootkit.org/)
> > * rkhunter (http://rkhunter.sourceforge.net/)
> > 
> > chkrootkit's last version dates from 30/09/2006 (1.2.9) and rkhunter's
> > from 10/10/2006. These tools are nearly two years old. Aren't there new
> > rootkits since this date? If yes, aren't there other tools to check my
> > box?
> Well sometimes upstream development stops for some reason. To be honest
> those tools had a lot of false-positives over the years whenever some
> kernel based process changed its name and other things like that.
>  
> > Else, what can I use to test the integrity of my system?
> apt-get install aide, tripwire or one of the similar tools and learn how
> to use them.
> 
> Cheers,
> Sven
I still use rkhunter and chkrootkit. chkrootkit checks common locations
and styles of exploits. rkhunter works equally well. Tripwire or
Samhain are better than either but more involved in set-up.
Samhain is another file integrity check.


