Mailinglist Archive: opensuse-security (320 mails)

AW: [suse-security] chkrootkit and consorts
  • From: "Ulrich Roth" <Roth@xxxxxxxxx>
  • Date: Mon, 5 May 2003 12:22:47 +0200
  • Message-id: <047D33E9F294624A972F6A6325C993C204A5F7@xxxxxxxxxxxxxxxxxxxxxxxxxx>
Hi Andreas,

> 3 - which of the tools should I have running daemonized?
I ran rkdet daemonized.

> 4 - which files should I protect/have watched by rkdet?
I added /usr/bin/lsof, /sbin/lsmod and /bin/df to xstrings.txt.

> 5 - what do you think of the idea of creating and regularly running a
> customized shell script that would unzip the tools plus a
> set of trusted binaries and then use these instead of the
> always-installed ones? But that would mean I had to make special
> setups/'make install's, wouldn't it? And it wouldn't work with resident
> tools (rkdet) at all, right?
I do this with tripwire. I compiled and installed it on the machines to be
checked as if it was a permanent installation. And now I copy the executable,
the config files and the database every night to the machines to be checked,
do the check and then delete the files again.
Ulrich Roth
IMPACT Business & Technology Consulting GmbH
Im Mediapark 8 / KölnTurm
D-50670 Koeln
Phone +49-221-93 70 80-29
Fax +49-221-93 70 80-15
E-Mail: roth@xxxxxxxxx
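
The nightly copy, check and delete cycle described in the mail above could be scripted as below. This is an added example, not part of the original message and not the poster's own script; the kit layout, the variable and function names, and the Open Source Tripwire 2.x long options in TW_CMD are assumptions.

```shell
#!/bin/sh
# Added example: stage a trusted Tripwire kit on a host, run one check,
# keep the report on the trusted machine, and always delete the kit again.
# Assumed/hypothetical names: KIT_ROOT, REPORTS, RSH, RCP, TW_CMD, nightly_check.
KIT_ROOT=${KIT_ROOT:-/srv/trusted/tripwire}  # $KIT_ROOT/<host>/{tripwire,tw.cfg,tw.pol,db.twd}
REPORTS=${REPORTS:-/srv/trusted/reports}     # reports never stay on the checked host
RSH=${RSH:-ssh}
RCP=${RCP:-scp}
# Assumes Open Source Tripwire 2.x long options; adjust for the version in use.
TW_CMD=${TW_CMD:-./tripwire --check --cfgfile tw.cfg --polfile tw.pol --dbfile db.twd}

# Returns the check's own exit status, or 125 if the kit could not be staged.
nightly_check() {
    host=$1
    kit=$KIT_ROOT/$host
    [ -f "$kit/tripwire" ] || { echo "no kit for $host" >&2; return 125; }
    mkdir -p "$REPORTS" || return 125
    # Private, unpredictable staging directory on the host to be checked.
    stage=$($RSH "$host" 'umask 077 && mktemp -d /tmp/twkit.XXXXXX') || return 125
    # Refuse to continue (and later rm -rf) on anything but the expected path.
    case $stage in /tmp/twkit.*) ;; *) return 125 ;; esac
    status=125
    if $RCP -pq "$kit"/* "$host:$stage/"; then
        # Run the staged copy; output is captured on this side only.
        $RSH "$host" "cd '$stage' && $TW_CMD" \
            >"$REPORTS/$host.$(date +%Y%m%d).txt" 2>&1
        status=$?
    fi
    # Delete the kit whether or not the copy or the check succeeded.
    $RSH "$host" "rm -rf '$stage'" || echo "cleanup failed on $host: $stage" >&2
    return $status
}

# Check every host named on the command line; any non-zero status needs review.
for h in "$@"; do
    nightly_check "$h" || echo "$h: check returned $? (see $REPORTS)" >&2
done
```

Binaries copied in this way still run on the checked host's kernel, so a kernel-level rootkit can falsify what they see.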
