Hi,

As the Unhide maintainer, I would like to write a few words about this. First, as a big supporter of open source, I think it is really good to have more choices to do the same thing. Moreover, I know Johan (he sent me some patches for Unhide) and I think he is a very skilled and smart person, and Unhide.rb is a great piece of software, so my intention is not to start a flame war.

One of the points that makes me think Rkhunter is better than Chkrootkit is the possibility of using external programs rather than re-implementing the functionality of these programs in other tools. Chkrootkit implements its own limited version of Unhide in a similar fashion to Unhide.rb (only PS / Proc if I recall). So, let me explain the reasons why I think this option was wrong for Chkrootkit:

First of all, Unhide is a live project. If you read the changelog you can find that Unhide is improving more and more, with new checks and new possibilities in every new version. For example, in the last update we added a new check using threads that makes the brute check almost impossible to bypass. In the next version (which will be released ASAP) we are going to add an amazing new reversing option to check whether your /bin/ps is showing fake processes.

Then, I think (please read this with absolute respect; it is only my own opinion, I don't want to say what you must do) rkhunter should focus on integrating more options from Unhide instead of trying to add a reduced version of Unhide. For example, Unhide is not only a process detector; it comes with another tool for tcp-checks.

Of course, we are open to changing Unhide in a way that makes it more Rkhunter friendly, so please don't hesitate to send us feedback about it.

Cheers,

2010/9/12 <unsp...@hushmail.com>

> Hello all,
>
> A long time ago a feature request was made for inclusion of a
> replacement for the "unhide" tool made in Ruby
> (https://sourceforge.net/tracker/?func=detail&aid=2759279&group_id=155034&atid=794190).
> This version is available from
> https://launchpad.net/unhide.rb and I'd like to see if anybody on
> this list would be willing to test-drive it.
>
> You should be able to install Ruby and the tool yourself w/o
> requiring help and run johanwalles' 'ps' test from the above
> thread.
> Extra mana points for testing common process hiders like,
> say, 'xhide'.
>
>
> TIA,
> unSpawn
> ---
>
> _______________________________________________
> Rkhunter-users mailing list
> Rkhunter-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/rkhunter-users