Asking for RKHunter & Chkrootkit

Discuss open-source security software and projects

Moderators: scrumpy, Dave, leihog

Post by simby on Mon Jan 01, 2007 6:12 pm

Can you please add

RKHunter
http://rkhunter.sourceforge.net/

Rootkit Scans for Rootkits, Backdoors, and Local Exploits

Rootkit scanner is a scanning tool that can give you 99.9% certainty that your system is clean of nasty tools. This tool scans for rootkits, backdoors, and local exploits by running tests like:

* Comparing MD5 hashes
* Looking for default files used by rootkits
* Checking for wrong file permissions for binaries
* Looking for suspected strings in LKM and KLD modules
* Looking for hidden files
* Optionally scanning within plain text and binary files
* Checking software versions
* Testing applications

*************************************************************
Used to Check for Symptoms of Installed Root Kits
http://www.chkrootkit.org/

This is a set of tools that detect rootkit (a program that hides the
presence of attackers) symptoms on a system.

Rootkits can hide using kernel modules, but they always leave some small
traces that can be detected with this program.
However, it is always recommended that this program be used from a rescue
system or a system with a similar purpose.
simby
 
Posts: 62
Joined: Fri Aug 04, 2006 2:42 pm
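
Added example, not part of the original post and not rkhunter's or chkrootkit's own code: a minimal sketch of two of the checks listed above (comparing MD5 hashes against a known-good baseline, and flagging wrong permissions on binaries). The function names and the constructed files in the temporary directory are assumptions made for illustration.

```shell
#!/bin/sh
# Sketch of two checks from the list above, run on constructed files.
# As the post notes for chkrootkit, results are only trustworthy when the
# tools (and here the baseline file) come from a rescue system, not from
# the host being examined.

# Record "md5  path" for every regular file under a directory.
make_baseline() {
    find "$1" -type f -exec md5sum {} + | sort -k 2
}

# Print paths whose current MD5 no longer matches the baseline
# (also reports files that have gone missing).
check_hashes() {
    LC_ALL=C md5sum -c "$1" 2>/dev/null | sed -n 's/: FAILED.*$//p'
}

# Print files that are writable by group or by others.
check_perms() {
    find "$1" -type f \( -perm -020 -o -perm -002 \) | sort
}

demo() {
    d=$(mktemp -d) && mkdir "$d/bin"
    # Constructed stand-ins for system binaries.
    printf 'original ls\n' > "$d/bin/ls"
    printf 'original ps\n' > "$d/bin/ps"
    chmod 755 "$d/bin/ls" "$d/bin/ps"
    make_baseline "$d/bin" > "$d/baseline.md5"

    printf 'modified ps\n' > "$d/bin/ps"   # content changed after baseline
    chmod 777 "$d/bin/ls"                  # permissions loosened

    echo "hash mismatch: $(check_hashes "$d/baseline.md5")"
    echo "loose perms:   $(check_perms "$d/bin")"
    rm -rf "$d"
}
demo
```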

RE: Asking for RKHunter & Chkrootkit

Post by MikeC on Tue Jan 02, 2007 11:27 am

Adding those packages to Engarde would be self-defeating at best. A package that invasively probes security is going to be stopped from executing at the SELinux level, so in order to test your security, first you'll have to disable the security features that you're trying to test... See what I mean? Alternatively you may suggest setting up SE policies to allow running those tests with SE enabled. Not going to happen - that would be a huge weakness in one of the fundamental security layers of Engarde. If you want to pursue the idea you can open a bug report and we'll review the idea, but I don't think it will fly.
MikeC
 
Posts: 23
Joined: Mon Dec 18, 2006 12:23 pm

RE: Asking for RKHunter & Chkrootkit

Post by simby on Wed Jan 03, 2007 8:37 am

Ok, thanks for this reply :D
simby
 
Posts: 62
Joined: Fri Aug 04, 2006 2:42 pm

Re: Asking for RKHunter & Chkrootkit

Post by Dave on Sun Feb 21, 2010 2:10 pm

Guys,

I do agree with Mike's comment about it being self-defeating to try and run rkhunter. However, I would be interested in seeing what people find from running it and how we can improve! Perhaps there are other security scanners you would also like to see built?

I've put together an rkhunter package for you:

http://ftp.engardelinux.org/pub/engarde ... el/noarch/

Browse that directory and download the rkhunter package.

Please let me know how it works for you!

Best,
Dave
Dave
Site Admin
 
Posts: 107
Joined: Tue Jun 13, 2006 6:06 pm

