On Sunday 30 Oct 2011 13:32:26 James Broadhead wrote:
> I'm surprised that no one has mentioned rkhunter yet - loads of lib
> exploits allow system access, and there's a pretty solid argument that says
> that compromising a user account on the average *nix system allows enough
> resources to do a lot of malicious activity without even needing privilege
> escalation.
|
I have ...

All I use on my boxen is chkrootkit and rkhunter.

rkhunter-1.3.8 is currently giving me false positives:
======================
File properties checks...
Required commands check failed
Files checked: 138
Suspect files: 1

Rootkit checks...
Rootkits checked : 245
Possible rootkits: 2
Rootkit names : Xzibit Rootkit, Knark Rootkit

Applications checks...
Applications checked: 3
Suspect applications: 0
======================

This is known and I believe fixed in later versions.
--
Regards,
Mick