>
> On Fri, 22 Jun 2012 00:39:52 +0200 "Lentes, Bernd"
> <[email protected]> wrote:
> >It says rkhunter -r allows specifying a different root directory.
> >But when I use it, rkhunter says -r is deprecated. Can I still use
> >it? Does it mean that the tests for rootkits are performed on the
> >mounted drive I specify with -r?
>
> Back in November 2011 us developers decided to remove the --rootdir
> option for now *because nobody was actually using it* and rework it
> later on. While I don't (in general want to) advocate using older
> versions you could use 1.3.8 and decide what to do based on your
> findings. Do let me know if you find something interesting that
> isn't covered in the FAQ or false positives you find by the
> solution for by searching the rkhunter-users mailing list archives.
>
>

Hi,

I found a solution to examine a possibly compromised system with a live CD. I 
used an Ubuntu Live CD and installed rkhunter using the installer script. I 
used the switch --layout customdir to install it on the disk of the suspicious 
system. Then I mounted all partitions from the suspicious system, and 
afterwards chrooted into it. When I now start rkhunter, it examines the desired 
system. Fortunately it didn't find anything. The method is a bit difficult, but 
it's working.


Bernd

Helmholtz Zentrum München
Deutsches Forschungszentrum für Gesundheit und Umwelt (GmbH)
Ingolstädter Landstr. 1
85764 Neuherberg
www.helmholtz-muenchen.de
Chair of the Supervisory Board: MinDir´in Bärbel Brumme-Bothe
Managing Directors: Prof. Dr. Günther Wess and Dr. Nikolaus Blum
Register court: Amtsgericht München HRB 6466
VAT ID: DE 129521671
_______________________________________________
Rkhunter-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/rkhunter-users
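
The live-CD procedure described in the message above, sketched as an added shell example that is not part of the original post or of the rkhunter project. The mount point /mnt/suspect, the install directory /opt/rkhunter-live, the source directory ./rkhunter-src and the device names are assumptions, as is running the installer from inside the chroot.

```shell
#!/bin/sh
# Added example: rkhunter scan of a suspect disk from a live CD via chroot.
# Assumed names (not from the post): /mnt/suspect, /opt/rkhunter-live,
# ./rkhunter-src (unpacked rkhunter tarball) and the sample device list.
TARGET=${TARGET:-/mnt/suspect}
PREFIX=${PREFIX:-/opt/rkhunter-live}    # install path as seen inside the chroot
SRC=${SRC:-./rkhunter-src}

run() {    # print each command; execute it only when RUN=1
    echo "$*"
    if [ "${RUN:-0}" = 1 ]; then "$@"; fi
}

# Order "device:mountpoint" pairs so a parent ("/") mounts before "/var".
mount_order() {
    printf '%s\n' "$@" | LC_ALL=C sort -t: -k2,2
}

offline_scan() {
    run mkdir -p "$TARGET" || return 1
    for pair in $(mount_order "$@"); do
        mp=${pair#*:}
        run mount "${pair%%:*}" "$TARGET${mp%/}" || return 1
    done
    # Tools inside the chroot expect /proc and /dev; these are the live
    # system's, so process-based tests describe the live CD, not the suspect.
    for fs in proc dev; do
        run mount --bind "/$fs" "$TARGET/$fs" || return 1
    done
    # Install from inside the chroot so the custom-layout paths match the
    # paths rkhunter sees at scan time. --sk skips keypress prompts and
    # --rwo reports warnings only.
    run cp -r "$SRC" "$TARGET/tmp/rkhunter-src" &&
    run chroot "$TARGET" /bin/sh -c \
        "cd /tmp/rkhunter-src && sh ./installer.sh --layout custom $PREFIX --install" &&
    run chroot "$TARGET" "$PREFIX/bin/rkhunter" --check --sk --rwo
    rc=$?                       # keep the scan's exit status across cleanup
    run umount -R "$TARGET"
    return "$rc"
}

# Constructed sample layout; prints the plan (dry run) unless RUN=1 is set.
offline_scan /dev/sda3:/var /dev/sda1:/ /dev/sda2:/boot
```

Inside the chroot rkhunter still calls the suspect system's own shell and utilities; only the running kernel comes from the live CD.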
