[Wolves] chkrootkit command
David Goodwin
david at codepoets.co.uk
Wed Mar 16 22:54:18 GMT 2005
Mo Awkati wrote:
> Hi folk
>
> I read in LXF about chkrootkit command to check for
> "intruders". The advice was it can be used in place of
> an antivirus app. When I looked it up in YAST it
> recommended that it should be used as part of a rescue
> disk. Anyone used it? What are the pitfalls of just
> using it from the CL?
>
> Cheers
>
> Mo
>
Hi,
See http://www.chkrootkit.org
I would think chkrootkit is a means of detecting that a root kit is
installed on your PC. An antivirus app would hopefully protect you from
getting the root kit in the first place.
For what it's worth I run "chkrootkit -q" on all servers I have root
login on on a daily basis, just to be sure.
There is an alternative called rkhunter. I'm not sure how it compares to
chkrootkit, it's just in the back of my brain from somewhere.
chkrootkit has the advantage that it can run on a number of Unixes (e.g.
Solaris, AIX etc and Linux), oh,... and it's free..
YaST is recommending you use it as part of a rescue cd, in that when
used from a rescue cd you know you have binaries (from the cd) which
haven't been tampered with (well - if they have, anyone who bought SuSE
would be in the sh1t), so if you're trying to verify if your system has
been compromised it can use known safe binaries which will hopefully
work correctly (rather than those left behind by a root kit which would
tend to hide various things from you)
David.
--
David Goodwin
[ david at codepoets dot co dot uk ]
[ http://www.codepoets.co.uk ]
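
Added example (not part of the original post and not chkrootkit's own code): a shell wrapper for the rescue-media approach described in the reply above, running chkrootkit in quiet mode against a mounted suspect root with its external commands taken from a trusted directory. The function names, the CHKROOTKIT and NEEDED variables and the mount points in the usage comment are assumptions; the tool list follows the chkrootkit README and may differ by version.

```sh
#!/bin/sh
# Added example. CHKROOTKIT, scan() and trusted_tools_ok() are illustrative names.
CHKROOTKIT="${CHKROOTKIT:-chkrootkit}"
# External commands chkrootkit calls, per its README; adjust for your version.
NEEDED="${NEEDED:-awk cut egrep find head id ls netstat ps sed strings uname}"

# Succeed only if every needed tool is present and executable in the trusted
# directory, so a missing tool is caught before the scan starts.
trusted_tools_ok() {
    for t in $NEEDED; do
        if [ ! -x "$1/$t" ]; then
            echo "missing trusted tool: $1/$t" >&2
            return 1
        fi
    done
}

# scan ROOT TRUSTED_DIR
# Returns 0 = quiet mode printed nothing, 1 = findings to review, 2 = could not run.
scan() {
    root=$1
    trusted=$2
    [ -d "$root" ] || { echo "no such root: $root" >&2; return 2; }
    trusted_tools_ok "$trusted" || return 2
    command -v "$CHKROOTKIT" >/dev/null 2>&1 || {
        echo "chkrootkit not found: $CHKROOTKIT" >&2; return 2; }
    # -q quiet mode, -r use ROOT as the root directory,
    # -p path for the external commands chkrootkit runs
    out=$("$CHKROOTKIT" -q -r "$root" -p "$trusted" 2>&1)
    status=$?
    if [ -n "$out" ]; then
        printf '%s\n' "$out"      # anything printed in quiet mode needs a human look
        return 1
    fi
    [ "$status" -eq 0 ] || return 2
    return 0
}

# Usage from a rescue environment (device and mount points are assumptions):
#   mount -o ro /dev/sda2 /mnt/suspect
#   CHKROOTKIT=/cdrom/bin/chkrootkit scan /mnt/suspect /cdrom/bin
```

Quiet-mode output is treated as "review needed" rather than proof of compromise, and the exit status is only consulted when nothing was printed.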