07-25-2006, 08:16 AM
|
#1
|
LQ Newbie
Registered: Jul 2006
Location: Devon UK
Distribution: RHE and Fedora mainly
Posts: 24
|
Rootkit Finders.
Hi All,
I have used rootkit hunter and it's a bit old now. Is there any newer version of the software that does the same job at all, please?
Luke
|
|
|
07-25-2006, 08:18 AM
|
#2
|
Member
Registered: Oct 2005
Location: Australia
Distribution: slackware 12.1
Posts: 753
|
chkrootkit is what I use.
|
|
|
07-25-2006, 08:23 AM
|
#3
|
LQ Newbie
Registered: Jul 2006
Location: Devon UK
Distribution: RHE and Fedora mainly
Posts: 24
Original Poster
|
Nice one dude, any links for us please?
Just found it. Seems to be old, is this updated at all?
Last edited by Luke_C; 07-25-2006 at 08:25 AM.
|
|
|
07-25-2006, 08:30 AM
|
#4
|
Member
Registered: Feb 2005
Location: ~h3av3n~
Distribution: RHEL 4, Fedora Core 3,6,7 Centos 5, Ubuntu 7.04
Posts: 227
|
rkhunter is what I use.
|
|
|
07-25-2006, 09:22 AM
|
#5
|
Moderator
Registered: May 2001
Posts: 29,415
|
"I have used rootkit hunter"
What version? From where?
"and it's a bit old now"
Why? What's the reason for saying this? If you have gripes, comments, suggestions, patches (very welcome, but use version 1.2.8) or even undetected rootkits, get on the mailing list.
"is there any newer version of the software"
The next release of RKH will be available in a few weeks.
Please note Chkrootkit and Rootkit Hunter share some overlap, but also address finding problems differently. It does not hurt to use both. That said, tools like these have their scope, which is not system-wide, which means you must not rely solely on those tools. Yes, I'm talking system hardening and auditing. Check out the LQ Security References thread for more.
|
|
|
07-25-2006, 09:31 AM
|
#6
|
Moderator
Registered: May 2001
Posts: 29,415
|
BTW, please finish your other thread "Perl in Redhat 8 Hacked Me Thinks" properly.
|
|
|
07-25-2006, 09:50 AM
|
#7
|
Member
Registered: Feb 2005
Location: ~h3av3n~
Distribution: RHEL 4, Fedora Core 3,6,7 Centos 5, Ubuntu 7.04
Posts: 227
|
Oh, so dear Unspawn is the developer of rkhunter. Nice tool, thanks.
|
|
|
07-25-2006, 10:10 AM
|
#8
|
Moderator
Registered: May 2001
Posts: 29,415
|
"Oh, so dear Unspawn is the developer of rkhunter. Nice tool, thanks."
No, Michael is.
|
|
|
07-25-2006, 10:20 AM
|
#9
|
Member
Registered: Feb 2005
Location: ~h3av3n~
Distribution: RHEL 4, Fedora Core 3,6,7 Centos 5, Ubuntu 7.04
Posts: 227
|
Oh, thank you Michael
|
|
|
07-25-2006, 02:33 PM
|
#10
|
Moderator
Registered: May 2001
Posts: 29,415
|
Forgot there's another tool on the block: Zeppoo. Haven't tested it yet and it's for 2.6.x only for now. D/L at http://sourceforge.net/projects/zeppoo . Any verbose testing reports welcome.
|
|
|
07-26-2006, 08:53 AM
|
#11
|
Moderator
Registered: May 2001
Posts: 29,415
|
Forgot there's another tool on the block: OSSEC Rootcheck. Haven't tested it thoroughly yet. D/L at http://www.ossec.net/en/rootcheck.html .
|
|
|
07-27-2006, 03:39 AM
|
#12
|
LQ Newbie
Registered: Jul 2006
Location: Devon UK
Distribution: RHE and Fedora mainly
Posts: 24
Original Poster
|
Cheers Unspawn.... I give you a virtual pint
|
|
|
07-27-2006, 12:27 PM
|
#13
|
LQ Guru
Registered: Nov 2004
Location: San Jose, CA
Distribution: Debian, Arch
Posts: 8,507
|
I need to check those two out. I've been predominantly relying on chkrootkit and rkhunter for my system security testing.
|
|
|
08-01-2006, 09:43 AM
|
#14
|
Moderator
Registered: May 2001
Posts: 29,415
|
@~=gr3p=~: Oh, thank you Michael
ROTFL. By now it's me and the RKH team ;-p
@Luke_C: I give you a virtual pint
Thanks.
@Matir: I've been predominantly relying on chkrootkit and rkhunter
While they're good at what they do, you're correct (as goes with any tool): it's better not to rely on one or two of the same "class". Next to basic host hardening (prevention always is better), if there's one thing I would recommend, it's running one of GRSecurity/LIDS/RSBAC/SELinux. Two things. If there's two things I would recommend, it's running that and one of Aide (passive), Samhain (active) or even tripwire. No, three things. If there's three things I would recommend, it's running that and one of Logwatch, Swatch, Tenshi or Logcheck.
|
|
|
08-01-2006, 11:02 AM
|
#15
|
LQ Guru
Registered: Nov 2004
Location: San Jose, CA
Distribution: Debian, Arch
Posts: 8,507
|
Quote:
Originally Posted by unSpawn
@Matir: I've been predominantly relying on chkrootkit and rkhunter
While they're good at what they do, you're correct (as goes with any tool): it's better not to rely on one or two of the same "class". Next to basic host hardening (prevention always is better), if there's one thing I would recommend, it's running one of GRSecurity/LIDS/RSBAC/SELinux. Two things. If there's two things I would recommend, it's running that and one of Aide (passive), Samhain (active) or even tripwire. No, three things. If there's three things I would recommend, it's running that and one of Logwatch, Swatch, Tenshi or Logcheck.
|
I do run Logwatch. SELinux gave me too many headaches, never tried any of the others.
|
|
|
All times are GMT -5.