On Sunday 30 Oct 2011 13:32:26 James Broadhead wrote:
> I'm surprised that no one has mentioned rkhunter yet - loads of lib
> exploits allow system access, and there's a pretty solid argument that says
> that compromising a user account on the average *nix system allows enough
> resources to do a lot of malicious activity without even needing privilege
> escalation.
I have ...
All I use on my boxen is chkrootkit and rkhunter.
rkhunter-1.3.8 is currently giving me false positives:
======================
File properties checks...
Required commands check failed
Files checked: 138
Suspect files: 1
Rootkit checks...
Rootkits checked : 245
Possible rootkits: 2
Rootkit names : Xzibit Rootkit, Knark Rootkit
Applications checks...
Applications checked: 3
Suspect applications: 0
======================
This is known and I believe fixed in later versions.
--
Regards,
Mick

