LinuxQuestions.org
Old 08-12-2004, 05:21 AM   #1
marlor
Member
 
Registered: May 2004
Distribution: Slackware C
Posts: 274

Rep: Reputation: 30
rkhunter or chkrootkit?


Hi people,

I am planning to install one of those programs. I guess they are quite similar, but I would like to hear a word from the people who have used and experienced them: which one of the two is more useful/better?

Thank you in advance


g al me
 
Old 08-12-2004, 05:24 AM   #2
ppuru
Senior Member
 
Registered: Mar 2003
Location: Beautiful BC
Distribution: RedHat & clones, Slackware, SuSE, OpenBSD
Posts: 1,791

Rep: Reputation: 47
Many (that includes me) use both. If you go through some of the "I have been hacked" type posts on the Security forum, you would understand that these tools are only a preliminary check. A smart attacker can simply change the location of her(is) files and these tools won't detect anything.

Last edited by ppuru; 08-12-2004 at 05:27 AM.
 
Old 08-28-2004, 09:26 AM   #3
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,693
Blog Entries: 54

Rep: Reputation: 2961
"A smart attacker can simply change the location of her(is) files and these tools won't detect anything."
...so, on the auditing side, install a filesystem integrity checker like Aide, Samhain (or Prelude, Osiris, Integrit, tripwire), and save (a copy of) the binary, configs and databases on read-only media. Installing this is preferably done after you installed the OS and *before* you connect it to the 'net. It's no substitute for proper hardening, so do that too.
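
Added example, not part of any post in this thread and not code from rkhunter, chkrootkit or any of the integrity checkers named above: a simplified known-path check next to a baseline comparison, run over a constructed temporary tree, to show why a baseline taken on the clean system still reports a file that was placed somewhere a path list does not cover. The path list, file names and contents are all made up for the illustration.

```python
import hashlib, os, tempfile

# Hypothetical signature list for the simplified known-path check (constructed).
KNOWN_BAD_PATHS = {"dev/.hidden/sniffer"}

def snapshot(root):
    """Map each relative path under root to (sha256, mode, size)."""
    db = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            st = os.lstat(full)
            with open(full, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            db[os.path.relpath(full, root)] = (digest, st.st_mode, st.st_size)
    return db

def compare(baseline, current):
    """Return sorted lists of added, removed and changed paths."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    changed = sorted(p for p in baseline.keys() & current.keys()
                     if baseline[p] != current[p])
    return added, removed, changed

def known_path_scan(root):
    """Report only files sitting at paths on the signature list."""
    return sorted(p for p in KNOWN_BAD_PATHS
                  if os.path.exists(os.path.join(root, p)))

def write(root, rel, data):
    path = os.path.join(root, rel)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as fh:
        fh.write(data)

def demo():
    """Build a constructed tree, baseline it, alter it, and run both checks."""
    with tempfile.TemporaryDirectory() as root:
        write(root, "bin/ls", b"original ls")
        write(root, "etc/passwd", b"root:x:0:0::/root:/bin/sh\n")
        baseline = snapshot(root)  # taken on the clean system, kept read-only
        write(root, "bin/ls", b"replaced ls")        # same size, new content
        write(root, "usr/lib/.cache/sniffer", b"x")  # path not on the list
        return known_path_scan(root), compare(baseline, snapshot(root))

if __name__ == "__main__":
    hits, (added, removed, changed) = demo()
    print("known-path scan:", hits)
    print("added:", added, "removed:", removed, "changed:", changed)
```

The comparison is only as trustworthy as the baseline and the code doing the hashing, which is why the post above says to keep the binary, configs and databases on read-only media.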
 
  


All times are GMT -5.