LinuxQuestions.org
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Old 07-25-2006, 08:16 AM   #1
Luke_C
LQ Newbie
 
Registered: Jul 2006
Location: Devon UK
Distribution: RHE and Fedora mainly
Posts: 24

Rep: Reputation: 15
Rootkit Finders.


Hi All,
I have used rootkit hunter and it's a bit old now. Is there any newer version of the software that does the same jobs at all, please?

Luke
 
Old 07-25-2006, 08:18 AM   #2
prozac
Member
 
Registered: Oct 2005
Location: Australia
Distribution: slackware 12.1
Posts: 753

Rep: Reputation: 32
chkrootkit is what I use.
 
Old 07-25-2006, 08:23 AM   #3
Luke_C
LQ Newbie
 
Registered: Jul 2006
Location: Devon UK
Distribution: RHE and Fedora mainly
Posts: 24

Original Poster
Rep: Reputation: 15
Nice one dude, any links for us please?

Just found it. Seems to be old; is this updated at all?

Last edited by Luke_C; 07-25-2006 at 08:25 AM.
 
Old 07-25-2006, 08:30 AM   #4
~=gr3p=~
Member
 
Registered: Feb 2005
Location: ~h3av3n~
Distribution: RHEL 4, Fedora Core 3,6,7 Centos 5, Ubuntu 7.04
Posts: 227

Rep: Reputation: 30
rkhunter is what I use.
 
Old 07-25-2006, 09:22 AM   #5
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600
Quote:
I have used rootkit hunter
What version? From where?

Quote:
and it's a bit old now
Why? What's the reason for saying this? If you have gripes, comments, suggestions, patches (very welcome, but use version 1.2.8) or even undetected rootkits, get on the mailing list.

Quote:
is there any newer version of the software
The next release of RKH will be available in a few weeks.


Please note Chkrootkit and Rootkit Hunter share some overlap, but also address finding problems differently. It does not hurt using both. That said, tools like these have their scope, which is not system-wide, which means you must not rely solely on those tools. Yes, I'm talking system hardening and auditing. Check out the LQ Security References thread for more.
 
Old 07-25-2006, 09:31 AM   #6
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600
BTW, please finish your other thread "Perl in Redhat 8 Hacked Me Thinks" properly.
 
Old 07-25-2006, 09:50 AM   #7
~=gr3p=~
Member
 
Registered: Feb 2005
Location: ~h3av3n~
Distribution: RHEL 4, Fedora Core 3,6,7 Centos 5, Ubuntu 7.04
Posts: 227

Rep: Reputation: 30
Oh, so dear Unspawn is the developer of rkhunter. Nice tool, thanks.
 
Old 07-25-2006, 10:10 AM   #8
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600
Quote:
Oh, so dear Unspawn is the developer of rkhunter. Nice tool, thanks.
No, Michael is.
 
Old 07-25-2006, 10:20 AM   #9
~=gr3p=~
Member
 
Registered: Feb 2005
Location: ~h3av3n~
Distribution: RHEL 4, Fedora Core 3,6,7 Centos 5, Ubuntu 7.04
Posts: 227

Rep: Reputation: 30
Oh, thank you Michael
 
Old 07-25-2006, 02:33 PM   #10
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600
Forgot there's another tool on the block: Zeppoo. Haven't tested it yet and it's for 2.6.x only for now. D/L at http://sourceforge.net/projects/zeppoo . Any verbose testing reports welcome.
 
Old 07-26-2006, 08:53 AM   #11
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600
Forgot there's another tool on the block: OSSEC Rootcheck. Haven't tested it thoroughly yet. D/L at http://www.ossec.net/en/rootcheck.html .
 
Old 07-27-2006, 03:39 AM   #12
Luke_C
LQ Newbie
 
Registered: Jul 2006
Location: Devon UK
Distribution: RHE and Fedora mainly
Posts: 24

Original Poster
Rep: Reputation: 15
Cheers Unspawn.... I give you a virtual pint
 
Old 07-27-2006, 12:27 PM   #13
Matir
LQ Guru
 
Registered: Nov 2004
Location: San Jose, CA
Distribution: Debian, Arch
Posts: 8,507

Rep: Reputation: 128
I need to check those two out. I've been predominantly relying on chkrootkit and rkhunter for my system security testing.
 
Old 08-01-2006, 09:43 AM   #14
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600
@~=gr3p=~: oh thank you Michael
ROTFL. By now it's me and the RKH team ;-p


@Luke_C: I give you a virtual pint
Thanks.


@Matir: I've been predominantly relying on chkrootkit and rkhunter
While they're good at what they do, you're correct (as goes with any tool): it's better not to rely on one or two of the same "class". Next to basic host hardening (prevention always is better), if there's one thing I would recommend, it's running one of GRSecurity/LIDS/RSBAC/SELinux. Two things. If there's two things I would recommend, it's running that and one of Aide (passive), Samhain (active) or even tripwire. No, three things. If there's three things I would recommend, it's running that and one of Logwatch, Swatch, Tenshi or Logcheck.
 
Old 08-01-2006, 11:02 AM   #15
Matir
LQ Guru
 
Registered: Nov 2004
Location: San Jose, CA
Distribution: Debian, Arch
Posts: 8,507

Rep: Reputation: 128
Quote:
Originally Posted by unSpawn
@Matir: I've been predominantly relying on chkrootkit and rkhunter
While they're good at what they do, you're correct (as goes with any tool): it's better not to rely on one or two of the same "class". Next to basic host hardening (prevention always is better), if there's one thing I would recommend, it's running one of GRSecurity/LIDS/RSBAC/SELinux. Two things. If there's two things I would recommend, it's running that and one of Aide (passive), Samhain (active) or even tripwire. No, three things. If there's three things I would recommend, it's running that and one of Logwatch, Swatch, Tenshi or Logcheck.
I do run Logwatch. SELinux gave me too many headaches, never tried any of the others.
 
  

