
[suse-security] chkrootkit and consorts



Hi list,
I have downloaded chkrootkit, check_ps and rkdet, but I have a hard 
time figuring out how (best) to use them. As far as you don't see 
your own security compromised, I'd like to know some of your thoughts or
configurations of these tools...

1 - Are any of the tools redundant and can be dropped (I think I
  understood that the functionality of check_ps is provided by chkrootkit
  as well, which does even more...)?
2 - Is any anti-rootkit tool missing (not speaking of tripwire etc.)?
3 - Which of the tools should I have running daemonized?
4 - Which files should I protect/have watched by rkdet?
5 - What do you think of the idea of creating and regularly running a 
  customized shell script that would unzip the tools plus a set of trusted
  binaries and then use these instead of the always-installed ones? But
  that would mean I had to make special setups/'make install's, wouldn't
  it? And it wouldn't work with resident tools (rkdet) at all, right?

And so on, I could go on asking for hours, but I'll appreciate just 
about any help.

TIA,
Andreas

-- 
To know recursion, you must first know recursion.

-- 
My Public PGP Keys:
1024 Bit DH/DSS: 0x869F81BA
768 Bit RSA:     0x1AD97BA5
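
The idea in question 5, sketched as an added example that is not part of the original post: unpack an archive of trusted binaries only if its SHA-256 matches a known-good value, then point chkrootkit at them with its `-p` option. The archive layout (`bin/`, `chkrootkit/chkrootkit`) and the function names are hypothetical, and the script assumes `sha256sum` and `tar` are themselves run from read-only media.

```shell
#!/bin/sh
# Added example: run chkrootkit against a verified kit of trusted binaries.
# Assumed (hypothetical) kit layout: bin/ holds static ps, ls, netstat, ...;
# chkrootkit/chkrootkit is the checker itself.

# unpack_trusted_kit ARCHIVE EXPECTED_SHA256 DEST
# Returns 0 and fills DEST only when the archive digest matches;
# 1 on digest mismatch, 2 on any other failure.
unpack_trusted_kit() {
    archive=$1; expected=$2; dest=$3
    [ -r "$archive" ] || { echo "missing archive: $archive" >&2; return 2; }
    actual=$(sha256sum "$archive") || return 2
    actual=${actual%% *}          # keep only the hex digest, no awk/cut needed
    if [ "$actual" != "$expected" ]; then
        echo "digest mismatch for $archive" >&2
        return 1                  # nothing is unpacked on mismatch
    fi
    mkdir -p "$dest" && chmod 700 "$dest" || return 2
    tar -xzf "$archive" -C "$dest" || return 2
}

# run_chkrootkit_with KITDIR [CHKROOTKIT]
# -p tells chkrootkit where to find the external commands it calls,
# so the installed (possibly trojaned) ps/ls/netstat are not used.
run_chkrootkit_with() {
    kit=$1; chk=${2:-$1/chkrootkit/chkrootkit}
    [ -x "$chk" ] || { echo "chkrootkit not found in kit" >&2; return 2; }
    "$chk" -p "$kit/bin"
}

# Entry point when called as: script.sh ARCHIVE EXPECTED_SHA256
if [ $# -eq 2 ]; then
    work=$(mktemp -d) || exit 2
    trap 'rm -rf "$work"' EXIT    # leave no unpacked kit behind
    unpack_trusted_kit "$1" "$2" "$work" && run_chkrootkit_with "$work"
fi
```

The expected digest has to be stored off the host being checked, for example on the same read-only medium as the archive.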
