Mailinglist Archive: opensuse-security (320 mails)

< Previous Next >
chkrootkit and consorts
  • From: Andreas Wagner <A.Wagner@xxxxxxxxxxxxxxxxxxxxx>
  • Date: Sat, 3 May 2003 18:19:30 +0200
  • Message-id: <20030503161930.GA2280@xxxxxxxxxxxxxxxxxxxxxx>
Hi list,
i have downloaded chkrootkit, check_ps and rkdet, but i have a hard
time in figuring out how (best) to use them. As far as you don't see
your own security compromised, i'd like to know some of your thoughts or
configurations of these tools...

1 - are any of the tools redundant and can be dropped (i think i
understood that the functionality of check_ps is provided by chkrootkit
as well which does even more...)?
2 - is any anti-rootkit tool missing (not speaking of tripwire etc.)?
3 - which of the tools should i have running deamonized?
4 - which files should i protect/have watched by rkdet?
5 - what do you think of the idea of creating and regularly running a
customized shellscript that would unzip the tools plus a set of trusted
binaries and then uses these instead of the always-installed ones? But
that would mean i had to make special setups/'make install's, wouldn't
it? and it wouldn't work with resident tools (rkdet) at all, right?

and so on, i could go on asking for hours, but i'll appreciate just
about any help.

TIA,
Andreas

--
To know recursion, you must first know recursion.

--
My Public PGP Keys:
1024 Bit DH/DSS: 0x869F81BA
768 Bit RSA: 0x1AD97BA5

< Previous Next >
Follow Ups