On 22/06/10 10:12, James Andrews wrote:
The problem with rkhunter or chkrootkit is that they can be fooled by a compromised system. Ideally they should be run when booting from a different device to usual.

Although I have had "success" with chkrootkit, if that's the right word.

Tripwire is a quite good tool at this level of defense.

The aim is to stop the attacks before they get to this stage. If rkhunter finds anything then the only course of action is to reinstall the entire system.

There are plenty of guides for "hardening" but I'm sure you understand the basics: don't run anything you don't have to, tightly control access, review all logs regularly.
Yep that's what I was thinking. I figured if I installed it on a fresh install then hopefully it would pick anything up.
I'll do a bit more searching on hardening and see what I can find.

Rob

--
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/linux_adm/list-faq.html