Some tips on chrootkit, please
Hi,
First off: wellness to all. It's been a while since I was here last, so it is a "coming home"...:) Okay. The "it" is out there, and to keep it out THERE, some tools are needed. One of these is chrootkit. Anyone with some experience here? Is it any good? I use Arch Linux behind a private router. There is a firewall and yes, I have f-prot installed and let it loose on the drive from time to time. But then there are the rootkits. Is Chrootkit any good in the fight against rootkits? Thank you for some light in the dark. Thor |
It's actually chkrootkit with a 'k'. Your question prompted me to run it - haven't done so for a while. As usual, it found nothing, which is great.
Sounds as though you've got good security, but I can't see what harm it can do to run it from time to time; but as I say, it's never found anything on my box. |
Hey there impert!
Thanks for the reassuring reply...I may (indeed) have misspelled something, but I suspect you know what this is about. My question stems from the changelog... Snippet (look at the date of the last entry) Quote:
By the way, it's not in the Arch repo...dunno about the others... Thor |
I can't comment on the snippet you posted. Maybe there's not been a lot of activity on the part of the black hats, either.
There's also rkhunter if you're interested. Don't know if it's on the Arch repo. |
Hi impert,
None of these are in the repo, though I do recall chrootkit being in there...the fact it's not (anymore) makes me uneasy as to the future of chrootkit. Maybe I'll have to look outside the repo, for this once... Thanks! Thor |
Tap me on the head (gently, my second most precious piece of anatomy is in there :D ) but I found..
chKrootkit ...I misspelled the name, found it in the repo, installed it and let it loose on my system, result: clean bill of health. Thanks to all Thor |
You could try rkhunter, the latest version is from 2010/11/17
The updates of the datafiles are still regular. http://rkhunter.sourceforge.net/ Kind regards |
Tnx repo, it could not hurt (it seems) to have two of these on the system. I'll sniff it out!
:D Thor |