BLU Discuss list archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

rkhunter-1.1.9-1.ps.noarch.rpm available (fwd)

Subject: rkhunter-1.1.9-1.ps.noarch.rpm available (fwd)
From: gboyce at badbelly.com (Gregory Boyce)
Date: Wed, 5 Jan 2005 08:20:54 -0500 (EST)
In-reply-to: <Pine.LNX.4.58.0501031550380.15314@uni.thekramers.net>
References: <Pine.LNX.4.58.0501031550380.15314@uni.thekramers.net>

On Mon, 3 Jan 2005, David Kramer wrote:

> Rootkit Hunter scans files and systems for known and unknown rootkits,
> backdoors, and sniffers. The package contains one shell script, a few
> text-based databases, and optional Perl modules. It should run on
> almost every Unix clone.

Without statically compiled programs for the script to run, how do you 
know you can trust the restults?  A number of rootkits will actually 
provide a trojoned md5sum that will just give you the results you're 
looking for rather than the real results for the modified binaries.

chkrootkit (http://www.chkrootkit.org/) is designed to be compiled on a 
known good host, then copied to the system that you're not sure about. 
All programs used are statically compiled binaries protecting against this 
sort of thing.

Follow-Ups:
- rkhunter-1.1.9-1.ps.noarch.rpm available (fwd)
  - From: jjohnson at sunrise-linux.com (miah)
- rkhunter-1.1.9-1.ps.noarch.rpm available (fwd)
  - From: david at thekramers.net (David Kramer)

References:
- rkhunter-1.1.9-1.ps.noarch.rpm available (fwd)
  - From: david at thekramers.net (David Kramer)

Prev by Date: rkhunter-1.1.9-1.ps.noarch.rpm available (fwd)
Next by Date: rkhunter-1.1.9-1.ps.noarch.rpm available (fwd)
Previous by thread: rkhunter-1.1.9-1.ps.noarch.rpm available (fwd)
Next by thread: rkhunter-1.1.9-1.ps.noarch.rpm available (fwd)
Index(es):
- Date
- Thread

Boston Linux & Unix / webmaster@blu.org