ubuntu at ubuntu at
Fri Jun 16 13:41:57 UTC 2006

Mario Vukelic wrote:
> On Fri, 2006-06-16 at 02:26 +0100, loell wrote:
>> rootkit detector
> Not reliable if the machine is in fact already compromised

That's why I always use tripwire on every machine.  The rootkit can't
modify the database (it's signed).  It might delete the tripwire
database, but that tells me the machine's been compromised, too.

More information about the ubuntu-users mailing list