On Wed, 2003-10-15 at 04:50, oxfordmusic.net wrote: > > oxfordmusic.net wrote: > > From cron where? > > > from root's crontab: > [root root] crontab -l > 03 0,12 * * * cd /usr/local/sbin; ./chkrootkit 2>&1 | mail -s "chkrootkit > output" myuser If I might interject here, I hope you've given serious consideration to how you're automating your chkrootkit scans. Chkrootkit is best used as a one-time only application: download the source, verify the checksum, compile, run, and analyze the results. You would also want to upload virgin binaries from a trusted/compatible source as well (see the README). Chkrootkit won't stop you from getting exploited, it will only attempt to analyze your system for signs of it. If you end up getting exploited at 00:05, there's nothing to stop the intruders from altering your instance of chkrootkit, rendering it useless. -- Jason Dixon, RHCE DixonGroup Consulting http://www.dixongroup.net -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
