Re: chkrootkit infected ports 2881

Martin on 12/08/08 16:34, wrote:
On Tue, Aug 12, 2008 at 5:12 PM, Adam Hardy <adam.ant@cyberspaceroad.com> wrote:
The question is, what do I replace chkrootkit with, especially if stuff like
rkhunter's not much better?

tripwire maybe?

apt-cache show tripwire
Description: file and directory integrity checker
 Tripwire is a tool that aids system administrators and users in
 monitoring a designated set of files for any changes.  Used with
 system files on a regular (e.g., daily) basis, Tripwire can notify
 system administrators of corrupted or tampered files, so damage
 control measures can be taken in a timely manner.
Tag: admin::monitoring, interface::commandline, interface::daemon,
role::program, security::ids, security::integrity, use::monitor,
works-with::file, works-with::mail

I don't have access to a floppy or cdrom drive - the server is hosted somewhere at an ISP. I think any cracker would just re-run tripwire if they found it installed.

Perhaps I could write a script to retrieve some hashes from another server? Does that make sense?
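An added example, not part of the original message: a sketch of the check proposed above, comparing local files against a baseline of hashes kept on another server. It assumes the baseline is in text-mode `sha256sum` format with paths relative to the checked directory, and that it has already been fetched; the function names and the sample files are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_file(path):  # chunked, so large files are not read into memory at once
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def parse_manifest(text):
    """Parse text-mode `sha256sum` lines ('<64 hex>  <path>') into {path: digest}."""
    baseline = {}
    for line in text.splitlines():
        digest, _sep, path = line.partition("  ")
        if len(digest) != 64 or not path:
            raise ValueError(f"malformed manifest line: {line!r}")
        baseline[path] = digest.lower()
    return baseline

def check(baseline, root):
    """Compare every file under root with the baseline held on the other server."""
    changed, extra, seen = [], [], set()
    for path in Path(root).rglob("*"):
        if path.is_file():
            rel = path.relative_to(root).as_posix()
            seen.add(rel)
            if rel not in baseline:
                extra.append(rel)      # file that was not there at baseline time
            elif sha256_file(path) != baseline[rel]:
                changed.append(rel)    # content differs from the baseline
    return {"modified": sorted(changed), "missing": sorted(set(baseline) - seen),
            "unexpected": sorted(extra)}

def demo():
    """Constructed sample: take a baseline, then change, remove and add one file each."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        names = ("ls", "netstat", "ps")
        for n in names:
            (root / n).write_bytes(n.encode() + b" v1")
        manifest = "".join(f"{sha256_file(root / n)}  {n}\n" for n in names)
        (root / "ps").write_bytes(b"ps v2")   # altered after the baseline
        (root / "netstat").unlink()           # removed after the baseline
        (root / "extra").write_bytes(b"")     # added after the baseline
        return check(parse_manifest(manifest), root)

if __name__ == "__main__":
    print(demo())
```

Keeping the baseline off the host addresses the concern about someone re-running the checker locally, but the comparison itself still runs on the monitored machine and so trusts that machine's interpreter and kernel.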

