Anders wrote regarding 'Re: [SLE] rkhunter-1.1.7-1.ps.noarch.rpm available' on Mon, Aug 30 at 16:57:
On Monday 30 August 2004 23:14, you wrote:
Maybe this has all been covered before, but since I haven't seen it,
I mentioned it a while back; I guess it wasn't picked up on.
I haven't been here for a very long time... ;)
I figured this'd be a decent place to mention it. Don't want everyone getting lulled into a false sense of security. The hunter's a good step, but it'd have to be on read-only media to really trust it to run automatically.
Yep, and of course the secondary packages, like perl and whatever other executables it requires, along with a known-good glibc, also need to be on the read-only medium. Just rkhunter alone isn't enough. Basically what you need is a rescue CD with everything on, boot from that and test your system, that's pretty much the only way you can be sure things haven't been altered.
That's probably not a bad idea. It'd be pretty easy to do the "install to directory" minimal install in YaST, followed by something like "rpm -Uvh --root /new/system rkhunter.rpm" and the copy of that directory onto a CD or something. Can you specify a CD with a root filesystem as a grub target? I know you can specify a floppy... Not that there aren't a million bootable systems out there, but that seems somewhat easy to set up.

--Danny