Linux - Security
This forum is for all security-related questions. Questions, tips, system compromises, firewalls, etc. are all included here.
I have a question about rkhunter. Is it still in development or is it a deprecated project? I ask because when I do a rkhunter --update there are no updates. It's been like this for almost a year.
Clamav always has updates for its virus signatures. Is there an alternative for rkhunter?
I think you misunderstand the nature of the rkhunter package. There has been no NEED to change it since late 2014 because it performs exactly to specification. Should one of the supported distributions of Linux (or the package manager system) change so greatly as to obsolete the current version, then a new patch or version may be required. Until then, there is no reason to change anything.
Clamav must change to accommodate additional threat types, and the signature/pattern files update FAR more often. Rkhunter detects a single kind of threat, the rootkit, and detects that by the effect one has on the previously existing installed files rather than looking for signatures. What a rootkit does has not changed, so the detection is not required to change.
This question got me thinking and learning, via some web searches, where I found tons of interesting stuff about security.
Think of rkhunter (very loosely) as a detailed 'ls -lR' (plus checksums) of all 'system' files, > mysys, meaning 'output redirected to a file, to save a baseline footprint of my system/OS's files'.
Then, periodically, I run this, redirected to a 'nowmysys' file, and compare them (looking for 'bad' changes).
Conceptually, in this analogy, 'ls' and the script do not need updating! See?
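The baseline-and-compare analogy above, written out as a small POSIX shell script. This is an added example, not code from the post or from rkhunter itself; it assumes GNU coreutils (stat -c, sha256sum), and the mysys / nowmysys file names are borrowed from the post.

```shell
#!/bin/sh
# Added example, not code from the thread or from rkhunter: a miniature of the
# "detailed ls -lR plus checksums, redirected to a baseline file" idea above.
# Assumes GNU coreutils (stat -c, sha256sum) as found on most Linux systems.

# snapshot DIR OUT: one line per regular file under DIR:
#   relative-path|mode|owner|size|sha256
snapshot() {
    dir=${1%/}            # strip a trailing slash so relative paths come out clean
    out=$2
    find "$dir" -type f -print | LC_ALL=C sort | while IFS= read -r f; do
        meta=$(stat -c '%a|%U|%s' "$f")
        sum=$(sha256sum "$f" | cut -d' ' -f1)
        printf '%s|%s|%s\n' "${f#"$dir"/}" "$meta" "$sum"
    done > "$out"
}

# compare BASELINE CURRENT: prints ADDED / REMOVED / CHANGED lines, sorted.
# Returns 0 when the snapshots match, 1 when anything differs.
compare() {
    findings=$(awk -F'|' '
        FILENAME == ARGV[1] { base[$1] = $0; next }   # first file is the baseline
        { cur[$1] = $0 }                              # second file is the new snapshot
        END {
            for (p in cur)  if (!(p in base)) print "ADDED   " p
            for (p in base) if (!(p in cur))  print "REMOVED " p
            for (p in cur)  if ((p in base) && base[p] != cur[p]) print "CHANGED " p
        }' "$1" "$2" | LC_ALL=C sort)
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Command-line use:  sh baseline.sh snapshot /usr/bin mysys
#                    sh baseline.sh snapshot /usr/bin nowmysys
#                    sh baseline.sh compare mysys nowmysys
case "${1:-}" in
    snapshot) snapshot "$2" "$3" ;;
    compare)  compare "$2" "$3" ;;
esac
```

Because the record carries a digest as well as size and mode, a same-size overwrite of a binary still shows up as CHANGED, which is exactly the kind of quiet replacement a rootkit relies on.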
Quote:
Originally Posted by !!!
This question got me thinking and learning, via some web searches, where I found tons of interesting stuff about security.
Think of rkhunter (very loosely) as a detailed 'ls -lR' (plus checksums), of all 'system' files, > mysys, meaning 'output redirected to a file, to save a baseline footprint of my system/OS's files'.
Then, periodically, I run this, redirected to a 'nowmysys' file, and compare them (looking for 'bad' changes).
Conceptually, in this analogy, 'ls' and the script do not need updating! See?
Thanks for a good question, and WELCOME to LQ!
@ wpeckham
@ !!!
I guess I didn't know too much about rkhunter and how much development it needs. I thought it was something like clamav but for rootkits.
I understand a little more now.
Even though Linux has a lower chance of virus infection than Windows, I still like to periodically check my system after a long time between checks.
You're VERY welcome. Enjoy Linux; looking forward to more questions from you!
You probably know current Linux better than me, and there's an abundance of answer-power here.
p.s. you can use the Thread Tools drop-down button on top of page, to mark this as 'Solved' when you are done with this, so future searchers will find it as a Solution.
Quote:
Originally Posted by RoyHBrice
I have a question about rkhunter. Is it still in development or is it a deprecated project?
As one of the developers listed I'd say "yes", but unfortunately I've got very little to prove for it. In part due to the half-life time of some of what it checks, part because of Real Life commitments (which as some of you may have noticed also included me hanging out at LQ).
Quote:
Originally Posted by RoyHBrice
Is there an alternative for rkhunter?
I'd go for all the regular hardening needed, a combination of the LSPP and (prolly) NISPOM Audit rules, Logwatch (,remote syslog?) and, while in no way a comparative product (in a few aspects it's way better ;-p), Samhain in daemon and server - client mode.