[TriLUG] Security question
jeremyp at pobox.com
Tue Jun 12 07:37:45 EDT 2007
WA Brown wrote:
> On Monday 11 June 2007 7:41 pm, James Tuttle wrote:
> THAT'S IT!!!! chkroot. Thank you!!!!!
Do you really mean "chkrootkit"? If so, this doesn't check for "changes
on a server" - it checks for known rootkits and other related problems,
and it must be kept updated to be effective. I'm not even sure it's a
viable project any more - the web site seems to be down and I haven't
heard it discussed in years. The latest version I can find on a mirror
site is almost a year old, and I'm sure rootkits have evolved since then.
Tripwire is a better option if you want to audit a server's files for
changes (combined with RPM's verify feature and other similar tools).
It requires a lot of care and feeding though.
I've got to wonder how security conscious you can be running Red Hat
Linux 9, however. Even the "Fedora Legacy" project stopped supporting
that a LONG time ago. If you aren't separately keeping up your external
facing daemons - Apache and SSL in particular - not to mention the
kernel - you could have some major problems.
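
The RPM verify feature mentioned above prints one line per file that differs from the package database. The following is an added example, not part of the original post: a small triage filter for `rpm -Va` output, run here over constructed sample lines. The function names and the triage rules (skip config files, flag digest mismatches and missing files) are assumptions of this example.

```shell
#!/bin/sh
# Added example: triage `rpm -Va` output for changed file contents.
# SAMPLE is constructed for illustration; it is not output from a real host.
# Flag column is SM5DLUGTP (older rpm prints 8 characters); the third
# character is '5' when the file digest differs from the package database.
SAMPLE='S.5....T.  c /etc/ssh/sshd_config
.......T.    /usr/share/doc/bash/README
S.5....T.    /bin/ls
..5....T.    /usr/sbin/sshd
missing     /usr/bin/top
.M.......    /var/log/httpd'

# Reads rpm -Va lines on stdin and prints "REASON path" for each finding.
# Rules (assumptions of this example):
#   - a missing file is always reported
#   - changes to files marked "c" (config) are expected and skipped
#   - a digest mismatch on any other file is reported as CONTENT
# Paths containing whitespace are not handled by this field-based parse.
rpm_verify_triage() {
  awk '
    $1 == "missing"         { print "MISSING " $NF; next }
    NF == 3 && $2 == "c"    { next }
    substr($1, 3, 1) == "5" { print "CONTENT " $NF }
  '
}

# Runs the filter over the constructed sample.
triage_sample() {
  printf '%s\n' "$SAMPLE" | rpm_verify_triage
}

triage_sample
# On a real host: rpm -Va 2>/dev/null | rpm_verify_triage
```

The RPM database lives on the host being checked, so a result from it is only as trustworthy as that database; comparing against a copy kept off the machine avoids relying on data an intruder could have altered.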