Re: chkrootkit infected ports 2881
Adam Hardy on 13/08/08 10:27, wrote:
Martin on 12/08/08 16:34, wrote:
On Tue, Aug 12, 2008 at 5:12 PM, Adam Hardy <email@example.com>
The question is, what do I replace chkrootkit with, especially if stuff
like rkhunter's not much better?
apt-cache show tripwire Description: file and directory integrity checker
Tripwire is a tool that aids system administrators and users in monitoring
a designated set of files for any changes. Used with system files on a
regular (e.g., daily) basis, Tripwire can notify system administrators of
corrupted or tampered files, so damage control measures can be taken in a
I don't have access to a floppy or cdrom drive - the server is hosted
somewhere at an ISP. I think any cracker would just re-run tripwire if they
found it installed.
The only suggestion so far is that I script a solution (or adapt existing ones).
Surely there's a package available that's made for people with 1 or 2 hosted
servers that need a foolproof cracker alarm? Looking through apt-cache search,
there seem to be loads of nasty packages available for people who might want to
attack my server, but not much that I can use to check whether I've been rooted.