Quoting John
: Which is best? Has anyone tried both these tools?
As far as I'm aware, these are two completely different tools that do completely different things.
Tripwire is an intrusion detection system. It lets you know when something has changed your files. Assuming you hadn't done it yourself, you know someone is misbehaving.
Rootkit Hunter, as its name implies, scans your computer for known rootkits that someone may have left there.
Tripwire has the advantage of letting you know what files have changed, and can thus detect all rootkits, not just known ones. On the downside, it requires more effort to keep its DB up to date. You'll have to run it after every security update. Rootkit Hunter will also find rootkits that have been
but not yet activated. For instance, if one of your users puts a rootkit in their home directory, Tripwire wouldn't alert you until it's activated.
Consider it in terms of building security: Tripwire is just like a
Yes, Tripwire looks to be more necessary :)
----- Original Message -----
From:
anyone breaking in sets it off. Rootkit Hunter is like a security guard: it has a chance of seeing the undesirable before the actual break-in, but has to already know what the thief looks like.
Personally, I prefer Tripwire.
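An added example, not part of the original message and not Tripwire's own code: a simplified Python model of the baseline-and-compare check described above. It shows a file dropped outside the monitored tree going unreported, a replaced monitored file being reported without any signature, and the baseline refresh needed after a legitimate update. The directory names and file contents are constructed for the demo.

```python
import hashlib
import os
import tempfile


def snapshot(root):
    """Build the baseline DB: relative path -> SHA-256 of the file contents."""
    db = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                db[os.path.relpath(path, root)] = hashlib.sha256(fh.read()).hexdigest()
    return db


def compare(baseline, current):
    """Return (added, removed, changed) paths between two snapshots."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    changed = sorted(p for p in set(baseline) & set(current) if baseline[p] != current[p])
    return added, removed, changed


def write(path, data):
    with open(path, "wb") as fh:
        fh.write(data)


def demo():
    """Run the three cases from the thread on constructed sample files."""
    with tempfile.TemporaryDirectory() as top:
        monitored = os.path.join(top, "bin")   # stand-in for a monitored system directory
        home = os.path.join(top, "home")       # stand-in for an unmonitored home directory
        os.makedirs(monitored)
        os.makedirs(home)
        write(os.path.join(monitored, "ls"), b"original ls")
        baseline = snapshot(monitored)

        # Case 1: a file is dropped in the home directory but never run.
        write(os.path.join(home, "dropped"), b"inactive payload placeholder")
        dormant = compare(baseline, snapshot(monitored))

        # Case 2: a monitored binary is replaced; no signature is needed to notice.
        write(os.path.join(monitored, "ls"), b"replaced ls")
        tampered = compare(baseline, snapshot(monitored))

        # Case 3: the change was a legitimate update, so the baseline is
        # refreshed; without this step every later check keeps reporting it.
        baseline = snapshot(monitored)
        refreshed = compare(baseline, snapshot(monitored))
        return dormant, tampered, refreshed
```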