[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
AW: [suse-security] chkrootkit and consorts
Hi Andreas,
> 3 - which of the tools should i have running deamonized?
I ran rkdet daemonized.
> 4 - which files should i protect/have watched by rkdet?
I added /usr/bin/lsof, /sbin/lsmod and /bin/df to xstrings.txt.
> 5 - what do you think of the idea of creating and regularly running a
> customized shellscript that would unzip the tools plus a
> set of trusted binaries and then uses these instead of the
> always-installed ones? But that would mean i had to make special
> setups/'make install's, wouldn't it? and it wouldn't work with resident
> tools (rkdet) at all, right?
I do this with tripwire. I compiled and installed it on the machines to be
checked as if it was a permanent installation. And now I copy the executable,
the config files and the database every night to the machines to be checked,
do the check and then delete the files again.
Bye
Uli
--
Ulrich Roth
IMPACT Business & Technology Consulting GmbH
Im Mediapark 8 / KölnTurm
D-50670 Koeln
Phone +49-221-93 70 80-29
Fax +49-221-93 70 80-15
E-Mail: roth@xxxxxxxxx
--
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here