chkrootkir LKM Trojan ?

Dave S ubuntu at pusspaws.net
Tue Jul 18 06:55:11 UTC 2006


On Tuesday 18 July 2006 02:11, ubuntu at rio.vg wrote:
> boricua wrote:
> >>> Try rkhunter and see!
> >>
> >> Tried it - rkhunter says everything is OK ...mmm... erring to false +ve
> >> (Mops sweat from brow !)
> >
> > how do u know rkhunter was not comprimise
>
> Personally, I install tripwire on all my machines to make sure things
> like that don't get compromised...

I never installed tripwire because I thought it was overkill on a domestic 
system ... I am re-thinking.

At least it would give me a pretty definite answer as to wether my files have 
been tampered with. I assume you have to re-learn it after every update 
because md5 checksums will have altered ?

Dave




More information about the ubuntu-users mailing list