On Saturday 19 March 2005 16:53, Chad Perrin wrote:
I do not recall ever getting any false positives from chkrootkit.
I will try this rkhunter. Thanks.
Smitty
> I've been using both chkrootkit and Rootkit Hunter ( rkhunter:
> http://www.rootkit.nl ) and I find that rkhunter seems to do a better
> job for me than chkrootkit. It's easier to make use of, it doesn't
> return cryptic false positives the way chkrootkit does, and it's very
> flexible and featureful. It also warns of system vulnerabilities, even
> if your system hasn't been compromised. Of course, I don't know how
> either one of them does, as compared to the other, for finding system
> compromises: I operate in a secure enough computing environment that
> I've never been compromised (knock on wood). It'd be interesting to
> open a system (about which I don't care) up wide to the Internet for a
> couple months, then run both chkrootkit and rkhunter on the thing and
> compare results.
This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 20:15:53 EDT