Kenny Lussier wrote:
> Hi All,
>
> I have a mandate to install "anti-virus and anti-malware software on
> all servers". Since all of our servers are Linux, this was further
> clarified to mean "rootkit detection software". I have looked at
> several rootkit detectors, and they all appear to be fairly old. My
> guess is, it isn't really worth it, since a rootkit is going to be
> personalized and customized to the system being attacked (but hey,
> what do I know... :-) ). I have found a few apps that are essentially
> just a list of files and directories that are common to some older
> rootkits, and if anything in the list is found, it sets off the alert.
>
> I can do the same thing with Tripwire, which is already on every
> system. What I am trying to do is either compile an extensive list of
> rootkit properties, or subscribe to a rootkit signature feed (like a
> Nessus feed). Does anyone know of the existence of either of these
> things?
>
> TIA,
> Kenny
> _______________________________________________
> gnhlug-discuss mailing list
> gnhlug-discuss@mail.gnhlug.org
> http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
>
>   

Kenny, if you have a mandate to install anti-virus/anti-malware does 
that mean that whoever mandated this wants to scan all files on the 
servers for PC infections? Although these things typically have no 
effect on Linux systems they might be a problem for Windows boxes that 
are reading/writing files on the servers. If that is the case, ClamAV 
would be a good solution...

-Alex
