[NTLUG:Discuss] chkrootkit
Russ
russ.barrows at gmail.com
Sat Oct 22 21:27:48 CDT 2005
I was able to locate rootkit at:
http://www.rootkit.nl/projects/rootkit_hunter.html/.
I haven't tried rkhunter. Instead, I tried the rootkit detection
that's part of Suse and came up with false positives. A HD wipe and
reinstall of Suse and another scan with the rootkit detection resulted
in the same two false positives. It was recommended that I try
rkhunter. Haven't been able to make time, yet.
On 10/22/05, Richard Geoffrion <ntlug at rain4us.net> wrote:
> Terry wrote:
>
> >Anyone have any experience using chkrootkit ?
> >
> >http://www.chkrootkit.org/
> >--
> ><><
> >
> >_______________________________________________
> >https://ntlug.org/mailman/listinfo/discuss
> >
> >
>
> OH yes... It works well. Fortunately I've only had it come up with a
> positive once. (Fortunately because it wasn't MY system that got
> r00t3d) For best results, it should be compiled on a known clean
> machine with um... static linked binaries...OR use the binaries off of a
> LIVE DISTRO. CD. I have the occasional hard time reaching the
> chkrootkit.org site, but other than that....
>
> --
> Richard
>
>
> _______________________________________________
> https://ntlug.org/mailman/listinfo/discuss
>
--
Russ
More information about the Discuss
mailing list