smitty wrote:
> Version 0.45 of chkrootkit was released late in February.
> Fetch the tarball at:
> http://www.chkrootkit.org/
> Read the readme, do a quick compile, and run it as root.
> Regards,
> Smitty
>
I've been using both chkrootkit and Rootkit Hunter ( rkhunter:
http://www.rootkit.nl ) and I find that rkhunter seems to do a better
job for me than chkrootkit. It's easier to make use of, it doesn't
return cryptic false positives the way chkrootkit does, and it's very
flexible and featureful. It also warns of system vulnerabilities, even
if your system hasn't been compromised. Of course, I don't know how
either one of them does, as compared to the other, for finding system
compromises: I operate in a secure enough computing environment that
I've never been compromised (knock on wood). It'd be interesting to
open a system (about which I don't care) up wide to the Internet for a
couple months, then run both chkrootkit and rkhunter on the thing and
compare results.
-- Chad [ CCD CopyWrite | http://ccd.apotheon.org ]