Hi, newbie and beginner here (to Linux, rkhunter, and computers in
general). I've been reading up on rootkits via Google, but there's so
much on detection and removal and almost nothing on how they get into
a computer, or how much of a threat they are to Linux users - are new
ones being created every year? Are they as rare as Linux viruses? Are
Linux servers more targeted than home users? I know they can be hidden
in applications, but is installing them also as easy as, say, clicking
on a link or having a pop-up ad getting past your defenses, or
accidentally going to a site marked as red by WOT - and you're still
screwed even if you get out quickly?
On RKHunter: I scanned with rkhunter the first time after reinstalling
it, and I got a warning for rkhunter itself:
[15:13:26] Warning: The file properties have changed:
[15:13:26] File: /usr/bin/rkhunter
[15:13:26] Current inode: 2753106 Stored inode: 2760035
The first time I installed it, I got different warnings:
/usr/bin/mail [ Warning ]
/usr/bin/bsd-mailx [ Warning ]
which disappeared since I removed Thunderbird.
What is an inode? I'm reading the CERT Intruder Detection list
and...is there a For Dummies version of this? Using Linux Mint 11, by
the way.
-persian
_______________________________________________
Rkhunter-users mailing list
Rkhunter-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rkhunter-users