draft rootkit hunter howto for home users

edit

post culled see last post if interested

Opera to the rescue, that link doesn't work in Konqueror 3.5.3 or KGet 0.8.5 -- nothing happens, except the gear spins in Konq.

I have taken a quick look & think I'd like to try to help. I seems to me that you need some in 4 areas:

1. technical review
2. home user review
3. proof reading/copy editing
4. general polishing for publication

I do pretty much all of the above for a local LUG member who writes Linux & Open Source articles for our PC Users Group magazine. We have developed a trust where he sends me the original as an OOo Writer .odt & I just make my suggested changes. He has versioning or something turned on, so he can easily see what I have done & take the appropriate action -- hopefully, accept .

I have been working w/ him for several years, & it has taken a while to get to this point; I no longer bother to explain stylistic suggestions -- he knows I think his work is great & he has come to trust writing/editing.

This is our 1st contact, so I don't know if you're ready to trust a stranger w/ access to the orig. document. How about tell us which of the above (1-4) is most important & what mechanism you would like to use, especially for things like spelling & punctuation.

edit post culled

I had to re-try once or twice with firefox 2.0.6, don't remember exactly and then got the .pdf.

Good work, thumbs up to both of you.

While you are at it, a little HowTo for tripwire would be much appreciated too.

Here in germany government is planning the use of trojans etc. for secretly spying on private computers. Bastards.

JZL240I-U

yeah well it worked both in Opera 9.23 and in Mdv konq 3.5.6 which is why I was asking for feedback.

Tripwire eh? well I had it run it a number of times to tweak it for my system files in Mdv. I would not call my self an expert but if Rick takes over the above odt I could make a start on kinda snapshot howto....but as I said the tweaks on system files would be specific to a Mdv distro.

Lets wait to see what archtaod6 makes of my counter offer?

It might be better to just run it on one distro....and then the user see what files to add to the configs, what to delete and then do their own thing?

I do want to participate, but I don't want to be in charge. -- I have neither the time nor the knowledge.

For one thing I run 2 SIG's at HAL-PC for HLUG & for another I don't think I've (yet) used rkhunter.

It appears that unSpawn hangs out here @ LQ, has he had any input into this?

I'm at the stage of setting aside a Workspace/Virtual Desktop (done) & getting ready to d/l the files.

2 immediate suggestions:

• An Introduction at the front
• A Credits page at the end

BTW, any thought to license?

archtoad6

no offence intended in my counter offer. Yes I can put in an intro, overview and a credit....but I do not want to get involved in trying to pretend its some wonderful document that needs a license...a grant of licence. heh heh

2) unSpawn can make his own reply if he wishes but since you ask I feel it respectful to give a longer version of my input.

3) unSpawn called for volunteers in the RKH area. After convincing him I was adept with partimage, he accepted my first wiki which is linked at the sourceforge site.

4) But recently, with the pending 1.3.0 series going to go stable, I realised I had a number of shortcomings and the team were unable to help with wiki after I called for help. BTW anyone can help with the wiki so I mean no disrespect to the rkh team.

5) And then just the other day, my filehigh.com on line pic server or host site for the snapshots that linked from the wiki closed down. That meant I had 3 main choices.
a) find a new site....which I thought I had, called divshare....which does not work for some very well
b) rely on the wiki admin hosting the images....which I still refuse to consider as the best option
c) create a new downloadable document...gosh like this one with the intention in the long run...after it has gone thru the draft to workable document stage....could be hosted, if the rkh team wishes to, at the rkh site.....in addition to any other site we arrange.

6) As brutal as it sounds at my lack of expertise, I am not a sys admin person so can not really be expected to perceived by others as some kind of guru. So I am trying to offer a step by step for home users.

I have tried very hard to be as transparent as possible in informing the reader of the draft pdf file that I am not an expert.

7) The rkh team are very busy and I hope but do not expect them to offer any assistance. Therefore altho I forewarned unSpawn I was posting a link to a pdf file and showed him almost the same file you have, I suspect he is doing the right thing and waiting to see what others think. I doubt he has time to search my posts and I have not bothered to send him the link as IMHO we are going great just the way we are.

8) If you need me to include a disclaimer to protect your reputation I can do that.

9) if you are now reluctant to help thankyou for your kind suggestions so far.

extra...I won't edit that last post...but I just thought I would expand slightly on my point 6.

It is my perception that sys admin types, actually read the README, changlelogs, FAQ and related dox. Therefore in no way is the pdf or odt ever to be considered a doc for experts.
IMHO experts do not need step by step instructions.

Assuming the experts at RKH are as busy as all of us, and I agree I am busy as well but not running servers....then really I think step by step guides tend to fall to grunts.

I do not mean that any step by step you find is automatically not written by an expert, but in the context of rkh team being so busy I think the options are very limited.

finally, I know from various stats, how popular RKH is, how popular my wiki is and am adult enough to know most newbies will not even give RKH a second glance.

But if you point is, that this should be written by an expert, I claim no such expert has come forward.

If your point is, then therefore, there is no need for such a doc based on my last few sentences I disagree.

Not dis-similar to the Meno paradox...knowing what is the correct guide/howto to write well end of rant.....for now heh heh

meno paradox...short version

Meno's Paradox and the Immortality of Soul: how will you know what you are looking for if you first don't already know it (and thus have no reason to go looking for it)? But why look for something you already have? This is the paradox raised in Plato's dialogue called the Meno. In answer to "Meno's Paradox," Plato suggests that before we were born we existed in another realm of being (the realm of the Forms). The shock of being born makes us forget what we knew in that realm. But when we are asked the right questions or have certain experiences, we remember or "recollect" innate (inborn) truths. So if we existed before our births, there is every reason to think that we will continue to exist after our deaths.

Don't get discouraged. I'm no admin either, just an interested home user, I need step by step instructions.

Your draft version for rkhunter was helpful for me. It will be for others as well if they find it -- so here is something to think about as well. Maybe you could offer Jeremy a text-only version for the LQ-Wiki or the answers section and give a link to the .pdf (on LQ or somewhere else).

As to tripwire, here a step by step introduction would be helpful too. As long as the distribution(s) are linux-based (I mean the linux base specification to which most major distros are compliant to) the ingredients should be comparable and for rpm based distros anyhow (I think). So if anybody could do that, please do...

JZL240I-U


I misled you, the wiki I am referring to is already at the LQ wiki. It is not a sourceforge wiki if such thing exists. Altho anyone can edit the wiki at LQ, umm no expert has. I prefer not to support it anymore. Instead a step by step howto for home users as an ODT or PDF is my new goal. That you can follow most of it, shows we may be on the right path.

MY replies were attempts to not discourage archtoad6. But give him more info in case in was wondering why an expert had not written it.

Not discouraged, just a bit overwhelmed w/ other commitments, including RE maintenance & the need to reply to your e-mail .

archtoad6 and any other helpers.

Please cease all activity to improve this draft.

It was my mistake to not propose a time limit on any help offered. I have forewarned Rick by email but at this stage he may be too busy to reply.

Rick, if you did not get my email I am sorry.

To be rude, I am now impatient. If you are too busy to help, that may tell me something.

However, please email me with what you have and you will get credit as you can tell with all my credits in the grub howto.....most did not post to me, I found they were the first to post.

There is going to be a short delay before I submit my new file to the RKH team. unSpawn has been forewarned of that by email.

2) So you have a couple of days to email me your work in progress or not, as you see fit.

3) Yes I am in a rush. Yes I have other things I want to do, so are equally rushed for time. Also the RKH team can refuse my new file. But if they do, I am then absolved, and can then pursue other things.

Once again, thankyou for your kind offer but I am now impatient so request you send me whatever you have and I will give you credit.

cheerio

aus9 please post the link to your final version here so that the new HowTo gets a chance for maximum exposure. Thank you for your efforts .

If RKH accept my (current) final version then yes I will post a link.

If they do not, depending on the reason, I reserve the right not to post my independent link yet to be created. If the RKH team does not like my style or accuracy or whatever, I do not intend to show disrespect and post a link no matter what.