Hi

1) My objective is to use a live cd that I can take to anyone's computer and have it scan a hard drive and not write to disk. So far, I have failed. Any assistance in the objective will be greatly appreciated.

Looking at rkhunter --help I was unable to see an option --notmp or words to that effect.

2) I can install RKH into the live cd structure easy peasy. Although with RIP I had to mkdir /usr/local

3) Without installing rkh, and using a live cd, I can chroot into a read-write mounted partition, e.g.
mkdir /z ... mount -t xfs /dev/sda1 /z ....chroot /z...mount -t proc none /proc.....rkhunter -c -sk
....works but writes the logfile to disk.

rkhunter -c -sk --nolog | less...... produces ugly text but I have confirmed no log is written.
And the tmp file described below does not appear to have new timestamps.

4) What I want to do, but have failed so far, is to load an independent RKH into live cd (done), but have it scan a mounted folder instead of chroot. AFAIK chroot still wants to use /var/lib/rkhunter/tmp so has to be mounted rw.

If I try...mount -t xfs /dev/sda1 -r /z....chroot /z ...mount -t proc none /proc...rkhunter (anything), RKH complains that the tmp file is unwriteable.

5) Log excerpts that I think relevant follow:

[23:49:58] Running Rootkit Hunter version 1.3.0 on RIPLinuX....(hard drive is Mdv 2008)
[23:49:58] Info: Using configuration file '/etc/rkhunter.conf'
[23:49:58] Info: Using '/var/lib/rkhunter/tmp' as the temporary directory
[23:49:58] Info: System is not using prelinking
and proof it's my hard drive being checked and not the cd:
[23:49:59]          Old host value: gs    New value: RIPLinuX

cheerio

