Boston Linux & Unix (BLU) Home | Calendar | Mail Lists | List Archives | Desktop SIG | Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings
Linux Cafe | Meeting Notes | Linux Links | Bling | About BLU

BLU Discuss list archive


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

rkhunter-1.1.9-1.ps.noarch.rpm available (fwd)



On Mon, 3 Jan 2005, David Kramer wrote:

> Rootkit Hunter scans files and systems for known and unknown rootkits,
> backdoors, and sniffers. The package contains one shell script, a few
> text-based databases, and optional Perl modules. It should run on
> almost every Unix clone.

Without statically compiled programs for the script to run, how do you 
know you can trust the restults?  A number of rootkits will actually 
provide a trojoned md5sum that will just give you the results you're 
looking for rather than the real results for the modified binaries.

chkrootkit (http://www.chkrootkit.org/) is designed to be compiled on a 
known good host, then copied to the system that you're not sure about. 
All programs used are statically compiled binaries protecting against this 
sort of thing.




BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!



Boston Linux & Unix / webmaster@blu.org