LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (https://www.linuxquestions.org/questions/linux-security-4/)
-   -   rkhunter vs. chkrootkit, which is better? (https://www.linuxquestions.org/questions/linux-security-4/rkhunter-vs-chkrootkit-which-is-better-753714/)

abefroman 09-08-2009 09:48 PM
rkhunter vs. chkrootkit, which is better?
 
rkhunter vs. chkrootkit, which is better?

TIA

win32sux 09-08-2009 09:53 PM
Quote:
Originally Posted by abefroman (Post 3675188)
rkhunter vs. chkrootkit, which is better?
Are you like being forced to choose between them? :)

BTW, could you be a bit more specific as to what aspect you are refering to?

abefroman 09-08-2009 10:09 PM
Quote:
Originally Posted by win32sux (Post 3675193)
Are you like being forced to choose between them? :)

BTW, could you be a bit more specific as to what aspect you are refering to?
It looks like chkrootkit checks for altered log files where as rkhunter doesn't.

Is one considered better than the other?

TIA

unSpawn 09-09-2009 04:47 AM
I'd say they complement each other. Also note both are post-incident tools. Like with all such tools they should be accompanied by other independent means to verify and correlate like an active file integrity checker like Samhain or a passive one like Aide, Integrit, Osiris or even tripwire.


All times are GMT -5. The time now is 01:16 PM.