On Thu, Jun 25, 2009 at 9:26 AM, Ted Roche<[email protected]> wrote:
> Kenny:
>
> You might want to check out http://www.chkrootkit.org/ - the software is
> simple to install and run from cron (see the FAQs) and the site has "Related
> Links" to some good resources.

Ted,

I probably should have listed the rootkit detection systems that I have looked at. chkrootkit is one of them. The last release was Dec. 2007. I have also looked at OSSEC, rkhunter, and about 40 others that all suffer from age and incompleteness.

Another problem with all of these is that they run locally and report locally. If I were to write a rootkit, the first thing that I would do is check for rootkit detectors and neutralize it if I found it. With Tripwire, or any other remote scanner, the ability to modify the check is eliminated.

Thanks,
Kenny
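The point in the reply above about keeping the check off the monitored machine, as an added example that is not part of the original message and does not show how Tripwire or any other tool named in the thread works: the baseline is stored, and every hash is computed and compared, on a separate monitoring host. All function names and the sample file contents are constructed for illustration, and fetching the files from the monitored host is assumed to happen elsewhere.

```python
import hashlib

def digest_files(files):
    """Hash contents on the monitor. `files` maps path -> bytes already
    pulled from the monitored host (the transport is out of scope here)."""
    return {p: hashlib.sha256(d).hexdigest() for p, d in files.items()}

def format_manifest(digests):
    """Serialise {path: digest} as sha256sum-style lines for off-host storage."""
    return "".join(f"{h}  {p}\n" for p, h in sorted(digests.items()))

def parse_manifest(text):
    """Parse sha256sum-style lines; reject malformed lines instead of skipping."""
    entries = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        digest, sep, path = line.partition("  ")
        if not sep or len(digest) != 64 or not path:
            raise ValueError(f"malformed manifest line: {line!r}")
        int(digest, 16)  # raises ValueError on non-hex digests
        entries[path] = digest.lower()
    return entries

def compare(baseline, current):
    """Return sorted (kind, path) findings: missing, added or modified."""
    findings = []
    for path in sorted(baseline.keys() | current.keys()):
        if path not in current:
            findings.append(("missing", path))
        elif path not in baseline:
            findings.append(("added", path))
        elif baseline[path] != current[path]:
            findings.append(("modified", path))
    return findings

# Constructed sample data standing in for file contents fetched at two times.
KNOWN_GOOD = {"/bin/ls": b"ls-v1", "/bin/ps": b"ps-v1", "/bin/netstat": b"netstat-v1"}
FETCHED_NOW = {"/bin/ls": b"ls-v1", "/bin/ps": b"ps-patched", "/bin/.x": b"new"}

def run_check():
    stored = format_manifest(digest_files(KNOWN_GOOD))  # kept on the monitor
    return compare(parse_manifest(stored), digest_files(FETCHED_NOW))

if __name__ == "__main__":
    for kind, path in run_check():
        print(f"{kind:8} {path}")
```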
