| 1 |
On Sunday 30 Oct 2011 13:32:26 James Broadhead wrote: |
| 2 |
> I'm surprised that no one has mentioned rkhunter yet - loads of lib |
| 3 |
> exploits allow system access, and there's a pretty solid argument that says |
| 4 |
> that compromising a user account on the average *nix system allows enough |
| 5 |
> resourses to do a lot of malicious activity without even needing privilege |
| 6 |
> escalation. |
| 7 |
|
| 8 |
I have ... |
| 9 |
|
| 10 |
All I use on my boxen is chkrootkit and rkhunter. |
| 11 |
|
| 12 |
rkhunter-1.3.8 is currently giving me false positives: |
| 13 |
====================== |
| 14 |
File properties checks... |
| 15 |
Required commands check failed |
| 16 |
Files checked: 138 |
| 17 |
Suspect files: 1 |
| 18 |
|
| 19 |
Rootkit checks... |
| 20 |
Rootkits checked : 245 |
| 21 |
Possible rootkits: 2 |
| 22 |
Rootkit names : Xzibit Rootkit, Knark Rootkit |
| 23 |
|
| 24 |
Applications checks... |
| 25 |
Applications checked: 3 |
| 26 |
Suspect applications: 0 |
| 27 |
====================== |
| 28 |
|
| 29 |
This is known and I believe fixed in later versions. |
| 30 |
-- |
| 31 |
Regards, |
| 32 |
Mick |
Archives