3 Oct
2004
3 Oct
'04
23:18
On Sun, 2004-10-03 at 09:53, Sid Boyce wrote:
Rootkit scanner is scanning tool to ensure you for about 99.9% you're clean of nasty tools. This tool scans for rootkits, backdoors and local exploits by running tests like:
Seems to me that a better alternative to needing a "scanner" that needs constant updating to keep up with changing "fingerprints," like a virus scanner, would be to install tripwire. It keeps an encrypted database of checksums of all the important files on your system. You need a separate password to change the database. (For example, to update after installing a new package.) Even root needs that password, so a rootkit can't get on your system and mess with the database without you knowing it. dk