Mailinglist Archive: opensuse-factory (242 mails)

[Vahis <waxborg@xxxxxxxxx>]

Sid Boyce wrote:
> Vahis wrote:
> > Andreas Vetter wrote:
> > > Hi,
> > >
> > > rkhunter has a new release 1.3.0 hosted on sourceforge:
> > > http://rkhunter.sourceforge.net
> > >
> > > In factory we have rkhunter-1.2.9-12.44.noarch.rpm (according to
> > > software.opensuse.org/search).
> > >
> > > Can we have the newer version please. The old rkhunter is does not
> > > know about openSUSE 10.3 (10.2 and probably more).
> > >
> > >   
> > It would be nice to hear what you think rkhunter and the ones alike
> > can do?
> >
> > I think its value is zero. No, it's less than that.
>
> Why? Because it keeps telling you that your box isn't infected? One
> day may be something will slip through, needing attention, so far, so
> good.
> Regards
> Sid.
They are just scripts that try to find specific signs of specific
indications of infestation.

They give false concerns (false alarms), and a false sense of well-being.

They look for specific changes in certain files. If the root kit creator
has like changed
the name of such a file to whatever else the root kit won't be found.

I'm sorry for not being able to provide you with a specific example
right now
because I gave up their use long ago, but I'm trying to come up with
something.

YMMV though :)

-- 
Vahis
---------------------------------------------------------------------
To unsubscribe, e-mail: opensuse-factory+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-factory+help@xxxxxxxxxxxx