> > If I might interject here, I hope you've given serious consideration to > how you're automating your chkrootkit scans. Chkrootkit is best used as > a one-time only application: download the source, verify the checksum, > compile, run, and analyze the results. You would also want to upload > virgin binaries from a trusted/compatible source as well (see the > README). > > Chkrootkit won't stop you from getting exploited, it will only attempt > to analyze your system for signs of it. If you end up getting exploited > at 00:05, there's nothing to stop the intruders from altering your > instance of chkrootkit, rendering it useless. > thanks for the heads up Jason, i'm aware the chkrootkit won't prevent detection and that it could be useless in the event of an exploit but i have had it installed on various servers in the past and it did actually alert me to the fact that we've been hacked on the one occasion when we had the misfortune to be hacked (luckily not seriously or maliciously). cheers andy -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
