[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[suse-security] chkrootkit and consorts
i have downloaded chkrootkit, check_ps and rkdet, but i have a hard
time in figuring out how (best) to use them. As far as you don't see
your own security compromised, i'd like to know some of your thoughts or
configurations of these tools...
1 - are any of the tools redundant and can be dropped (i think i
understood that the functionality of check_ps is provided by chkrootkit
as well which does even more...)?
2 - is any anti-rootkit tool missing (not speaking of tripwire etc.)?
3 - which of the tools should i have running deamonized?
4 - which files should i protect/have watched by rkdet?
5 - what do you think of the idea of creating and regularly running a
customized shellscript that would unzip the tools plus a set of trusted
binaries and then uses these instead of the always-installed ones? But
that would mean i had to make special setups/'make install's, wouldn't
it? and it wouldn't work with resident tools (rkdet) at all, right?
and so on, i could go on asking for hours, but i'll appreciate just
about any help.
To know recursion, you must first know recursion.
My Public PGP Keys:
1024 Bit DH/DSS: 0x869F81BA
768 Bit RSA: 0x1AD97BA5
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here