[EdLUG] Open source Security application - Lynis

Thomas Kluyver thomas at kluyver.me.uk
Thu Jun 4 09:00:15 UTC 2020


On Thu, 4 Jun 2020, at 09:18, Mark Cairney wrote:
> We're using rkhunter <http://rkhunter.sourceforge.net/> on some of our
> boxes and I've also used chkrootkit <http://www.chkrootkit.org/> in the
> past.
> It does look like there are more modern/more actively developed
> alternatives nowadays so I'll have to investigate however both of these
> are well-known and tried-and-tested.

Does anyone have practical experience of these tools actually picking up rootkits after infection? What I got from the talk was that a well-made rootkit has a lot of power to hide from tools trying to check for it directly on the system, and you can only reliably detect it if it's in a virtual machine and you can inspect it from outside. But maybe a lot of rootkits just aren't smart enough to hide themselves well?

chkrootkit.org appears to have a bunch of spam links added to the homepage, which... isn't a good look for a security tool.

Thomas
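The point Thomas raises is usually approached with a cross-view comparison: enumerate the same objects through two paths and flag entries one path shows and the other hides. In-host tools such as chkrootkit do this by comparing the /proc directory listing (which a rootkit's hooked readdir controls) with a kill(pid, 0) probe of every possible PID; the out-of-band VM inspection he mentions is the same comparison with the trusted side taken from outside the guest. The code below is an added example, not part of the original thread or of either project's code. The comparison function is independent of where the views come from, so the same function serves both cases; the live collectors assume a Linux /proc, and the sample views are constructed data, not a real host. It also handles the known false positive of this technique: non-leader threads answer kill() but are never listed in /proc, so their Tgid is checked before they are reported.

```python
"""Cross-view hidden-process check (added example, Linux /proc assumed)."""
import os
from dataclasses import dataclass


@dataclass(frozen=True)
class CrossViewResult:
    hidden: frozenset  # alive per the probe view, absent from the listing view
    stale: frozenset   # present in the listing view, not alive per the probe view


def thread_group_id(pid, read_status):
    """Return the Tgid parsed from a /proc/<pid>/status-style text, or None
    when the status text cannot be read (a hidden PID's lookup may fail too)."""
    text = read_status(pid)
    if text is None:
        return None
    for line in text.splitlines():
        if line.startswith("Tgid:"):
            return int(line.split()[1])
    return None


def cross_view(listed_pids, probe_alive, read_status, max_pid):
    """Compare a listing view (e.g. readdir on /proc, or an external inventory)
    with a probe view (e.g. kill(pid, 0) for every PID up to max_pid).

    A PID the probe finds alive but the listing omits is reported as hidden.
    Non-leader threads are skipped: they answer kill() but /proc only lists
    thread-group leaders, so their Tgid differs from their own PID.
    """
    listed = set(listed_pids)
    alive = set()
    for pid in range(1, max_pid + 1):
        if not probe_alive(pid):
            continue
        tgid = thread_group_id(pid, read_status)
        if tgid is not None and tgid != pid:
            continue  # a thread of another process, not a hidden process
        alive.add(pid)
    return CrossViewResult(hidden=frozenset(alive - listed),
                           stale=frozenset(listed - alive))


# --- live collectors for a Linux host (the in-guest, least trusted view) ---

def proc_listing():
    """The view a hooked readdir/getdents controls."""
    return {int(name) for name in os.listdir("/proc") if name.isdigit()}


def kill0_alive(pid):
    """kill(pid, 0) succeeds, or fails with EPERM, whenever the PID exists."""
    try:
        os.kill(pid, 0)
    except ProcessLookupError:
        return False
    except PermissionError:
        return True
    return True


def proc_status(pid):
    try:
        with open(f"/proc/{pid}/status") as f:
            return f.read()
    except OSError:
        return None


def scan_live_host(max_pid=None):
    """Probe every PID up to kernel.pid_max against the /proc listing."""
    if max_pid is None:
        with open("/proc/sys/kernel/pid_max") as f:
            max_pid = int(f.read())
    return cross_view(proc_listing(), kill0_alive, proc_status, max_pid)


# --- constructed sample views (not captured from a real system) ---
# PID 1337 is alive but missing from the listing, and its status lookup fails
# as well (the "hidden" case). PID 2001 is a thread of 2000: it answers the
# probe but is never listed, so it must not be reported. PID 42 is listed
# but no longer alive (ordinary exit race noise).
SAMPLE_LISTING = {1, 42, 100, 2000}
SAMPLE_ALIVE = {1, 100, 1337, 2000, 2001}
SAMPLE_STATUS = {
    1: "Name:\tinit\nTgid:\t1\nPid:\t1\n",
    100: "Name:\tsshd\nTgid:\t100\nPid:\t100\n",
    2000: "Name:\tworker\nTgid:\t2000\nPid:\t2000\n",
    2001: "Name:\tworker\nTgid:\t2000\nPid:\t2001\n",
}


def scan_sample():
    """Run the comparison over the constructed views (offline, deterministic)."""
    return cross_view(SAMPLE_LISTING, SAMPLE_ALIVE.__contains__,
                      SAMPLE_STATUS.get, max_pid=4096)


if __name__ == "__main__":
    print("sample:", scan_sample())
    print("this host:", scan_live_host())
```

For the out-of-band case described in the thread, the `listed_pids` argument would come from the trusted side (a hypervisor or memory-image walk of the guest's task list) and the probe from inside the guest, or the other way round; the comparison and the thread-group filter are unchanged. Scanning a live host with a large `pid_max` takes a few seconds in Python, and a single `stale` entry is normal noise from processes exiting between the two views.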



More information about the EdLUG mailing list