On 9/9/2011 6:45 PM, Lisi wrote:
> We seem to be being told that nowadays we should run a root-kit checker. The
> kernel exploit would indeed seem to suggest it. I have tried rkhunter and
> found that I couldn't make head or tail of it. I then read that, for a
> root-kit checker to work properly, you should install it on a fresh install
> before said installation goes on the Internet. All well and good, but I
> almost always install Debian of some version or other, and when I do so, I
> always install over the net.
>
> So how do I run a check before going on the Internet??? I can hardly install
> a package of any sort before I have installed at least the basics of the
> distro! (Yes, I know that there are those on this list who say that a
> root-kit checker is useless anyway, and root-kits are obviously difficult to
> spot - the kernel is guarded by people far more capable than I.)
>
> Lisi
>
>

Lisi,

Generally speaking, you might want to start with a fresh install, say in a VM (VirtualBox is good for this). Then install chkrootkit, rkhunter and/or tiger, all of which are sufficient root-kit checkers. Then you can work from there, but the concept is that root-kit tools should be the first tool installed and keep good, *known clean* sources handy to copy to new machines as the first thing they do after being installed.

--
> Chris Brennan
> --
> A: Yes.
> >Q: Are you sure?
> >>A: Because it reverses the logical flow of conversation.
> >>>Q: Why is top posting frowned upon?
> http://xkcd.com/84/ | http://xkcd.com/149/ | http://xkcd.com/549/
> GPG: D5B20C0C (6741 8EE4 6C7D 11FB 8DA8 9E4A EECD 9A84 D5B2 0C0C)