Adam Hardy on 13/08/08 10:27, wrote:
Martin on 12/08/08 16:34, wrote:On Tue, Aug 12, 2008 at 5:12 PM, Adam Hardy <adam.ant@cyberspaceroad.com> wrote:The question is, what do I replace chkrootkit with, especially if stuff like rkhunter's not much better?tripwire maybe?apt-cache show tripwire Description: file and directory integrity checker Tripwire is a tool that aids system administrators and users in monitoringa designated set of files for any changes. Used with system files on a regular (e.g., daily) basis, Tripwire can notify system administrators of corrupted or tampered files, so damage control measures can be taken in atimely manner.I don't have access to a floppy or cdrom drive - the server is hosted somewhere at an ISP. I think any cracker would just re-run tripwire if theyfound it installed.
The only suggestion so far is that I script a solution (or adapt existing ones).Surely there's a package available that's made for people with 1 or 2 hosted servers that need a foolproof cracker alarm? Looking through apt-cache search, there seem to be loads of nasty packages available for people who might want to attack my server, but not much that I can use to check whether I've been rooted.
regards Adam