Yup, I reinstalled and updated rkhunter before using it (and I'm using
1.3.6, since it's in the Mint 11 repository. I'm slowly learning the
other ways of installing applications). Thanks for translating that
into newbie-speak.

persian

On Sunday, 20 November, 2011 at 8:31 PM, Sam Ashley wrote:

Hi,

I'm a relative newbie myself, but I can comment on something you said
(experts: please still also comment, and correct me if I'm wrong). Re
inodes: I suspect that the reason you got that warning that rkhunter
had a different inode number is connected to another thing you said,
which is that you re-installed rkhunter. I'm thinking that it's simply
telling you that rkhunter is now running from a different copy of the
program than it was before, when it recorded its own inode number. An
inode number is, I believe, an ID number for a given file, the "name"
used by the OS itself, as opposed to the file name that's readable to
humans. The exact details are beyond my understanding but I think it's
a small data structure that holds pointers to the actual data of a
given file on a formatted disk. Whenever a file is created, or copied
(so a new file is created) a new inode number is assigned, but when
you just move a file within the same file system the inode number
remains the same.

About your other questions I should defer to people more expert than I,
but I thought I might be able to be a little helpful.

Best,
Sam
On Sun, 20 Nov 2011 15:51:14 +0800
dollfacepers...@hushmail.com wrote:

> Hi, newbie and beginner here (to Linux, rkhunter, and computers in
> general). I've been reading up on rootkits via Google, but there's so
> much on detection and removal and almost nothing on how they get into
> a computer, or how much of a threat they are to Linux users - are new
> ones being created every year? Are they as rare as Linux viruses? Are
> Linux servers more targeted than home users? I know they can be hidden
> in applications, but is installing them also as easy as, say, clicking
> on a link or having a pop-up ad getting past your defenses, or
> accidentally going to a site marked as red by WOT - and you're still
> screwed even if you get out quickly?
> 
> On RKHunter: I scanned with rkhunter the first time after reinstalling
> it, and I got a warning for rkhunter itself:
> 
> [15:13:26] Warning: The file properties have changed:
> [15:13:26]          File: /usr/bin/rkhunter
> [15:13:26]          Current inode: 2753106    Stored inode: 2760035
> 
> The first time I installed it, I got different warnings 
> 
> /usr/bin/mail                                            [ Warning ]
>    /usr/bin/bsd-mailx                                       [ Warning ]
> 
> which disappeared since I removed Thunderbird.
> 
> What is an inode? I'm reading the CERT Intruder Detection list
> and...is there a For Dummies version of this? Using Linux Mint 11, by
> the way.
> 
> -persian
_______________________________________________
Rkhunter-users mailing list
Rkhunter-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rkhunter-users
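
The inode behaviour discussed in this thread, as an added example that is not part of the original messages and is not rkhunter's own code. It uses constructed temporary files and hypothetical function names, and it assumes a reinstall writes a new file and renames it over the old path.

```shell
#!/bin/sh
# Added example (not from the thread): inode numbers across move, copy,
# in-place overwrite and reinstall. Paths are constructed temp files and
# the function names are hypothetical; this is not rkhunter's own code.

inode_of() {
    # The first field of `ls -i` is the inode number.
    ls -i "$1" | awk '{print $1}'
}

check_inode() {
    # check_inode FILE STORED_INODE -> prints "ok" or "changed"
    if [ "$(inode_of "$1")" = "$2" ]; then echo ok; else echo changed; fi
}

demo() {
    dir=$(mktemp -d) || return 1
    printf 'version 1\n' > "$dir/tool"
    stored=$(inode_of "$dir/tool")      # baseline, like "Stored inode"

    # Move within the same filesystem: only the directory entry changes.
    mv "$dir/tool" "$dir/tool.moved"
    echo "move:      $(check_inode "$dir/tool.moved" "$stored")"
    mv "$dir/tool.moved" "$dir/tool"

    # Copy: a second file exists at the same time, so it gets its own inode.
    cp "$dir/tool" "$dir/tool.copy"
    echo "copy:      $(check_inode "$dir/tool.copy" "$stored")"

    # In-place overwrite: contents differ but the inode stays the same,
    # so an inode comparison alone would not notice this change.
    printf 'version 1, edited\n' > "$dir/tool"
    echo "overwrite: $(check_inode "$dir/tool" "$stored")"

    # Reinstall (assumed behaviour): a new file is written next to the
    # old one and renamed over it, so the path now has a new inode.
    printf 'version 2\n' > "$dir/tool.new"
    mv "$dir/tool.new" "$dir/tool"
    echo "reinstall: $(check_inode "$dir/tool" "$stored")"

    rm -rf "$dir"
}

demo
```

After a package change you made yourself and trust, `rkhunter --propupd` refreshes the stored file properties so the next scan compares against the new baseline.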
