Thread: rkhunter - chkrootkit

  1. #1
    cPanel Partner NOC
    Join Date
    Dec 2002
    Location
    Kungsbacka, Sweden
    Posts
    103

    rkhunter - chkrootkit

    Hi there

    Which one of those should we trust more?

    We have one server with an issue in cron mails sent from rkhunter jobs:

    * MD5 scan
    MD5 compared : 0
    Incorrect MD5 checksums : 0

    but no problem running it from the prompt.

    chkrootkit says it found about 40 hidden processes from ps but that is just mysql processes
    and stunnel.

    Do not know which one to trust and no 100% report

  2. #2
    Member sawbuck
    Join Date
    Jan 2004
    Posts
    1,342
    cPanel/WHM Access Level

    Root Administrator

    Rkhunter tends to be more reliable and certainly more often updated.

  3. #3
    Member
    Join Date
    Jun 2003
    Posts
    280

    Run both (I do).

    Check Rkhunter is up to date: we ran a version which would not hash check files on our RHE3 boxes. Upgrading rkhunter - and suddenly hash checks started working properly for the first time. Of course, if it _was_ working correctly and is no longer and you haven't updated rkhunter and other systems (such as chkrootkit and tripwire and even /scripts/hackcheck) are reporting inconsistencies, then you've probably got a trojan/worm/virus on your machine which has deliberately disabled Rkhunter to stop itself from being found...
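
An added example, not part of the thread and not rkhunter's own code: a cron-side check that reads a report and treats the "MD5 compared : 0" summary from the first post as "hash check did no work" rather than "clean", which is the failure mode the last reply describes. The function names and return codes are assumptions of this sketch, the sample reports are constructed, and the only report lines it relies on are the two quoted in the first post.

```shell
#!/bin/sh
# Classify the MD5 summary of an rkhunter report read from stdin.
# Return codes (assumptions of this example, not rkhunter's own):
#   0 = files were compared and none mismatched
#   1 = at least one incorrect checksum reported
#   2 = summary present but zero files compared (the check did no work)
#   3 = no MD5 summary found in the report at all
check_md5_summary() {
    awk -F':' '
        /MD5 compared/            { gsub(/[^0-9]/, "", $2); compared = $2; seen_c = 1 }
        /Incorrect MD5 checksums/ { gsub(/[^0-9]/, "", $2); bad = $2; seen_b = 1 }
        END {
            if (!seen_c || !seen_b) exit 3
            if (compared + 0 == 0)  exit 2
            if (bad + 0 > 0)        exit 1
            exit 0
        }'
}

# Turn the return code into a word suitable for a mail subject or a log line.
md5_verdict() {
    rc=0
    printf '%s\n' "$1" | check_md5_summary || rc=$?
    case $rc in
        0) echo "ok" ;;
        1) echo "mismatch" ;;
        2) echo "not-checked" ;;
        *) echo "no-summary" ;;
    esac
}

# Constructed sample: the summary exactly as quoted in the first post.
SAMPLE_CRON='* MD5 scan
MD5 compared : 0
Incorrect MD5 checksums : 0'

# Constructed samples with invented counts, in the same layout.
SAMPLE_OK='* MD5 scan
MD5 compared : 57
Incorrect MD5 checksums : 0'
SAMPLE_BAD='* MD5 scan
MD5 compared : 57
Incorrect MD5 checksums : 2'

md5_verdict "$SAMPLE_CRON"   # zero files compared is not a clean result
```

Run against both the cron mail and an interactive run, a differing verdict points at the cron environment rather than at the file system.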
