Thanks a lot!
>On RKHunter: I scanned with rkhunter the first time after reinstalling
>it, and I got a warning for rkhunter itself:
>
>[15:13:26] Warning: The file properties have changed:
>[15:13:26] File: /usr/bin/rkhunter
>[15:13:26] Current inode: 2753106 Stored inode: 2760035
>Did you by any chance update Rootkit Hunter or edit the file by hand?
>The first time I installed it, I got different warnings
>/usr/bin/mail [ Warning ]
> /usr/bin/bsd-mailx [ Warning ]
>which disappeared since I removed Thunderbird.
>...as I said in the LQ thread: look at the log file, not the output, for details.
I did re-install and update rkhunter before I scanned. I can't seem to
access the log file for the older scan results, if the log file is
rkhunter.log.old (well, newbie common sense says it is :)). There's
another log file, rkhunter.log.1, which I can't open either. I got
"Unable to determine program to run" messages whenever I do, and the
only other log file is the log file for the re-installed rkhunter.
I'll go look around for other ways to do this.
On Sunday, 20 November, 2011 at 11:25 PM, unsp...@hushmail.com wrote:

'lo,

On Sun, 20 Nov 2011 08:51:14 +0100 dollfacepers...@hushmail.com wrote:
>I've been reading up on rootkits via Google, but there's so
>much on detection and removal and almost nothing on how they get into
>a computer, or how much of a threat they are to Linux users - are
>new ones being created every year? Are they as rare as Linux viruses?
Linux viruses (and I mean by definition of a virus and not
necessarily what Antivirus companies mark as such) are rarely seen
in the wild. Traditional rootkit usage (as far as I can see
evidence of it) has dwindled drastically. But even though softer
and easier targets exist like all sorts of bad programming,
misconfiguration and stale software running in the web stack, even
though the 2.6 kernel doesn't export required symbols anymore and
despite the diversity of Linux distributions, they are still
used and some high profile ones, mostly Phalanx IIRC, have popped
up the past years.
>Are Linux servers more targeted than home users?
I think the question should be the reverse: does the machine
provide a certain value? Is it economical for a cracker to abuse
CPU, disk space, bandwidth or obtain credentials? If you look for
instance at the compromise of one of Hans Peter Anvin's machines
then that itself wasn't much of a deal (OK, apart from every
compromise being one too many) but then his access to kernel.org
definitely made it worth the trouble...
>I know they can be
>hidden in applications, but is installing them also as easy as, say,
>clicking on a link or having a pop-up ad getting past your defenses, or
>accidentally going to a site marked as red by WOT - and you're still
>screwed even if you get out quickly?
While most problems stem from a (deliberate) lapse of common sense
I'd say that characterization of things stems more from having had
experience with The Other OS.
>On RKHunter: I scanned with rkhunter the first time after reinstalling
>it, and I got a warning for rkhunter itself:
>
>[15:13:26] Warning: The file properties have changed:
>[15:13:26] File: /usr/bin/rkhunter
>[15:13:26] Current inode: 2753106 Stored inode: 2760035
Did you by any chance update Rootkit Hunter or edit the file by hand?
>The first time I installed it, I got different warnings
>/usr/bin/mail [ Warning ]
> /usr/bin/bsd-mailx [ Warning ]
>which disappeared since I removed Thunderbird.
...as I said in the LQ thread: look at the log file, not the
output, for details.
>What is an inode?
See http://en.wikipedia.org/wiki/Inode ?
>I'm reading the CERT Intruder Detection list and...is there a For Dummies version of this?
No, not really. Just work your way through it and then ask
questions about it (it's not really a topic for this list) in the
LQ Linux Security forum.
Best regards,
unSpawn
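Two things in the exchange above are worth putting into code: the "file properties have changed" warning (rkhunter compares the inode and hash it stored at the last `--propupd` against the file as it is now, so a reinstall of the package legitimately changes the inode) and the advice to read the log rather than the screen output, which on a rotated log means names such as rkhunter.log.1 or rkhunter.log.old that a desktop file manager cannot open. The following script is an added example written for this thread, not rkhunter's own code; it parses a constructed sample log modelled on the lines quoted above and also walks every rotated copy in a directory. The log directory /var/log and the exact indentation of the continuation lines are assumptions.

```python
"""Pull 'file properties have changed' warnings out of rkhunter logs,
including rotated copies (rkhunter.log.1, rkhunter.log.old, *.gz)."""
import gzip
import re
from pathlib import Path

# Constructed sample, modelled on the warning block quoted in the thread.
# Not a real log; the hash values are placeholders.
SAMPLE_LOG = """\
[15:13:20] Info: Starting test name 'properties'
[15:13:26] Warning: The file properties have changed:
[15:13:26]          File: /usr/bin/rkhunter
[15:13:26]          Current inode: 2753106    Stored inode: 2760035
[15:13:27] Warning: The file properties have changed:
[15:13:27]          File: /usr/bin/mail
[15:13:27]          Current hash: a1a1a1a1
[15:13:27]          Stored hash : b2b2b2b2
[15:13:30] Info: Test 'properties' finished
"""

HEAD_RE = re.compile(r"^\[\d\d:\d\d:\d\d\]")                    # any timestamped line
WARN_RE = re.compile(r"^\[(\d\d:\d\d:\d\d)\] Warning: The file properties have changed:")
FILE_RE = re.compile(r"^\[\d\d:\d\d:\d\d\]\s+File: (\S+)")
PROP_RE = re.compile(r"(Current|Stored) (\w+)\s*:\s*(\S+)")      # "Stored hash : ..." etc.


def open_log(path):
    """Open a log whether it is plain text or gzip-compressed; logrotate
    usually leaves .1 plain and older copies as .gz."""
    path = Path(path)
    if path.suffix == ".gz":
        return gzip.open(path, "rt", encoding="utf-8", errors="replace")
    return open(path, encoding="utf-8", errors="replace")


def parse_property_warnings(lines):
    """Return one record per 'file properties have changed' block."""
    records, current = [], None
    for line in lines:
        m = WARN_RE.match(line)
        if m:  # start of a new warning block
            current = {"time": m.group(1), "file": None, "current": {}, "stored": {}}
            records.append(current)
            continue
        if current is None:
            continue
        m = FILE_RE.match(line)
        if m:
            current["file"] = m.group(1)
            continue
        props = PROP_RE.findall(line)
        if props:  # "Current inode: X    Stored inode: Y" style continuation lines
            for side, prop, value in props:
                current[side.lower()][prop] = value
            continue
        if HEAD_RE.match(line):  # any other timestamped entry ends the block
            current = None
    return records


def changed_properties(record):
    """Map each property to (stored, current) where the two disagree."""
    props = set(record["stored"]) | set(record["current"])
    return {p: (record["stored"].get(p), record["current"].get(p))
            for p in props
            if record["stored"].get(p) != record["current"].get(p)}


def scan_logs(log_dir, stem="rkhunter.log"):
    """Parse the live log and every rotated copy next to it (stem.1, stem.old, stem.2.gz)."""
    results = {}
    for path in sorted(Path(log_dir).glob(stem + "*")):
        with open_log(path) as fh:
            results[path.name] = parse_property_warnings(fh)
    return results


if __name__ == "__main__":
    # Assumed default location; pass another directory if your distro differs.
    for name, recs in scan_logs("/var/log").items():
        for rec in recs:
            print(name, rec["time"], rec["file"], changed_properties(rec))
```

A changed inode or hash on a file the package manager has just replaced is what this check is supposed to report; once the package manager confirms the file is the one it shipped, `rkhunter --propupd` records the new properties so the next run is clean. A changed inode on a file nothing updated is the case that deserves a closer look.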
_______________________________________________
Rkhunter-users mailing list
Rkhunter-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rkhunter-users