Hi All,

I have a mandate to install "anti-virus and anti-malware software on all servers". Since all of our servers are Linux, this was further clarified to mean "rootkit detection software".

I have looked at several rootkit detectors, and they all appear to be fairly old. My guess is, it isn't really worth it, since a rootkit is going to be personalized and customized to the system being attacked (but hey, what do I know... :-) ). I have found a few apps that are essentially just a list of files and directories that are common to some older rootkits, and if anything in the list is found, it sets off the alert.
I can do the same thing with Tripwire, which is already on every system. What I am trying to do is either compile an extensive list of rootkit properties, or subscribe to a rootkit signature feed (like a Nessus feed). Does anyone know of the existence of either of these things?

TIA,
Kenny

_______________________________________________
gnhlug-discuss mailing list
[email protected]
http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
