Sid Boyce wrote: > Vahis wrote: >> Andreas Vetter wrote: >>> Hi, >>> >>> rkhunter has a new release 1.3.0 hosted on sourceforge: >>> http://rkhunter.sourceforge.net >>> >>> In factory we have rkhunter-1.2.9-12.44.noarch.rpm (according to >>> software.opensuse.org/search). >>> >>> Can we have the newer version please. The old rkhunter is does not >>> know about openSUSE 10.3 (10.2 and probably more). >>> >>> >> It would be nice to hear what you think rkhunter and the ones alike >> can do? >> >> I think its value is zero. No, it's less than that. >> > > Why? Because it keeps telling you that your box isn't infected? One > day may be something will slip through, needing attention, so far, so > good. > Regards > Sid. They are just scripts that try to find specific signs of specific indications of infestation.
They give false concerns (false alarms), and a false sense of well-being. They look for specific changes in certain files. If the root kit creator has like changed the name of such a file to whatever else the root kit won't be found. I'm sorry for not being able to provide you with a specific example right now because I gave up their use long ago, but I'm trying to come up with something. YMMV though :) -- Vahis --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
