rkhunter-1.1.9-1.ps.noarch.rpm available (fwd)
Gregory Boyce
gboyce at badbelly.com
Wed Jan 5 08:20:54 EST 2005
On Mon, 3 Jan 2005, David Kramer wrote:
> Rootkit Hunter scans files and systems for known and unknown rootkits,
> backdoors, and sniffers. The package contains one shell script, a few
> text-based databases, and optional Perl modules. It should run on
> almost every Unix clone.
Without statically compiled programs for the script to run, how do you
know you can trust the restults? A number of rootkits will actually
provide a trojoned md5sum that will just give you the results you're
looking for rather than the real results for the modified binaries.
chkrootkit (http://www.chkrootkit.org/) is designed to be compiled on a
known good host, then copied to the system that you're not sure about.
All programs used are statically compiled binaries protecting against this
sort of thing.
More information about the Discuss
mailing list