LinuxQuestions.org - rkhunter or chkrootkit?

- Linux - Security (https://www.linuxquestions.org/questions/linux-security-4/)

- - rkhunter or chkrootkit? (https://www.linuxquestions.org/questions/linux-security-4/rkhunter-or-chkrootkit-216576/)

marlor

08-12-2004 04:21 AM

rkhunter or chkrootkit?

hi people,

i am planning to install one of those programs. i guess they are quite similar but i would like to hear a word from the people who have used and experienced them, which one of the two is more usefull/better?

thank you in advance

g al me

ppuru

08-12-2004 04:24 AM

Many (that includes me) use both. If you go through some of the "I have been hacked" type posts on the Security forum, you would understand that these tools are only a preliminary check. A smart attacker can simply change the location of her(is) files and these tools won't detect anything.

unSpawn

08-28-2004 08:26 AM

A smart attacker can simply change the location of her(is) files and these tools won't detect anything.
...so, on the auditing side, install a filesystem integrity checker like Aide, Samhain (or Prelude, Osiris, Integrit, tripwire), and save (a copy of) the binary, configs and databases on readonly media. Installing this is preferably done after you installed the OS and *before* you connect it to the 'net. It's no substitute for proper hardening, so do that too.

All times are GMT -5. The time now is 06:13 AM.