Alberto Adrián Schiano

Debian Package of the Day » Blog Archive » rkhunter & chkrootkit: wise cracke...

  • One thing to be wary of is the number of false-positives coming from chkrootkit. It seems to alert for just about every .* directory it can find on the system, including bits of JDK, volatile tmpfs, and is subject to race-conditions falsely complaining about “hidden” processes when all that’s happened is a few have died since it compared lists. Processes in detached screen sessions seem to show up based on their ttys not being found in utmp. It seems to think my init is ‘INFECTED’ which is complete hokum. All this because it’s a kludged-up load of shell-scripts relying on grep for ill-defined regexp-matches.

    So. I’m with rkhunter - it’s far more intelligent in operation, doing things like checking for changes in passwd and root-equivalent users between runs, for example. I can and do run both on all dozen-or-more Debian boxes, but I take rkhunter far more seriously and only look for *changes* in output from chkrootkit.

  • Two open-source applications to find rootkits and spyware in Linux (or Windows)
