On Wednesday 18 August 2004 02:31, Patrick Shanahan wrote:
* Michael Ayers
[08-17-04 18:07]: ... much snipped ... http://www.chkrootkit.org/ is the place to look, chrootkit 0.43 . It works here with 9.1.
but was last updated 27 Dec 03
there is rkhunter available at http://www.rootkit.nl and an rpm noarch available http://wahoo.no-ip.org/~pat/rkhunter-1.1.5-1.ps.noarch.rpm that was built 11 Aug 04.
Note that all these rootkit hunters are ultimately a very poor protection. It's a "quick fix" for people who don't want to do the whole thing with tripwire or similar solutions Also note that if you're going to trust rootkit hunters, having them installed on the system you're going to be monitoring is a very bad idea. If they are to be used at all, they should be kept on secondary storage, like a CD, and run from there when you check the system.