On Tue, 2003-09-23 at 08:57, Kent Borg wrote:
> On Mon, Sep 22, 2003 at 08:24:00PM -0400, Jason Dixon wrote:
> > It is for this reason that I'd like to suggest the following.  Take
> > 10 minutes to download, compile and run chkrootkit on your Linux
> > systems.
> 
> So there is a "download chkrootkit" vs. "download Knoppix STD" war
> going on.  And both have their points. 

I retract all arguments regarding the methodology used.  My only point
was to suggest that folks try chkrootkit.  It wasn't intended to start a
war of principles, methodologies or philosophies.

> This list directly represents a lot of computers that are connected to
> the internet all the time.  Are they all being kept up to date?  Are
> the updates being applied *promptly* after they become available?  I
> seriously doubt it.  Worse, are those secondary Linux computers
> influenced by those reading this list all being kept up to date?  No.

Great point.  If folks were patching as they should, we'd all be better
off.  The systems where chkrootkit has worked for me were *always* ones
that weren't being patched.  Folks, it's *easy*... just use up2date-nox
or apt-get update/upgrade via cron!  Do we need a HOWTO before folks
really pay attention?

> P.S.  Did anyone point out that chkrootkit needs to be kept up to
> date?  It does.

Chkrootkit should never be installed permanently on a system, IMHO.  It
should be a one-time utility that is used by downloading the most
current source at runtime.  This is the only way to guarantee that
you're using trusted code.  Chkrootkit that's been sitting around on a
compromised system is no more effective than a trojaned "netstat".

-- 
Jason Dixon, RHCE
DixonGroup Consulting
http://www.dixongroup.net


-- 
redhat-list mailing list
https://www.redhat.com/mailman/listinfo/redhat-list
