On Sat, 23 Feb 2013 16:46:37 +0100 "Xavier Guillot" <[email protected]> wrote:
>First thanks for your work on RKHunter: since Chkrootkit seems no more
>developed, RKH is the only opensource anti-rootkit software available on
>Linux and still active.

You're right, Chkrootkit doesn't seem to be actively developed. Strictly speaking RKH isn't the only tool around that inspects a system for symptoms of rootkits and malware though: OSSEC-HIDS has a rootkit-checking component (don't know the state of development that component is in though: diff commits?) and at the other end of the spectrum Samhain comes with a LKM to inspect certain kernel addresses.

>I am wondering if there will be soon a new version of RKHunter, as
>Unhide has made some changes recently:
>http://www.unhide-forensics.info/?Linux:Download

Thanks to John those changes were committed to CVS (http://rkhunter.cvs.sourceforge.net/viewvc/rkhunter/?view=tar) the week Jesus announced his changes.

>And if yes, will it include signatures of new malwares discovered, like the SSHd Spam Exploit / libkeyutils.so.1.9 ?

I updated RKH in CVS on the 16th and posted about the issue: http://www.linuxquestions.org/questions/blog/unspawn-2450/simple-clamav-sig-for-lib64-libkeyutils-so-1-9-contents-35316/. Also see https://isc.sans.edu/diary.html. Note this doesn't include the ClamAV sig as we haven't discussed offering it / using ClamAV as part of RKH. You can point to me for not having released a new version of RKH yet, though the CVS version should be usable until then.

Cheers, unSpawn

_______________________________________________
Rkhunter-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/rkhunter-users
