Bernd wrote: "7. Live-CD (Lentes, Bernd): Is there a live CD with rootkit hunter? How can I trust the output of rkh installed when I simultaneously think my system (which runs rkh) is compromised? So I think a live CD with clean binaries should be the better tool."
Helmut says "That's not impossible but difficult" ------ vote +1, but I have done it and built a remastered RIP live CD a few years ago.

--"rkhunter first needs a run.. rkhunter --propupd" --- not quite true... you can run a scan such as rkhunter -c -sk, and you can use a live CD to just scan your "mounted" hard drive for malware. But as Helmut says, you would eventually need the properties database file on your live CD to compare and gain an advantage over just a simple scan.

The RKH team were not overly excited by efforts in the live CD area in the past, but I can check the mail, it's around 2008, and see what I can do if the mailing list is interested.

Of course a live CD could be replaced with a USB stick that is never inserted or mounted until the network is disconnected to run scans... same principle. And you would have to look at how often you run software updates, as that determines how often you either remaster a live CD or change the USB files.

I would no longer be interested in remastering the RIP live CD as I now remaster a Debian live CD. I won't supply a link here as I have yet to remaster it for RKH purposes.

Good luck

_______________________________________________
Rkhunter-users mailing list
Rkhunter-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rkhunter-users
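The idea discussed in the message above, a properties database kept on the live media and compared against the mounted disk, shown as an added example (not part of the original post, and not rkhunter's code or database format). It records SHA-256 hashes using the live system's own `find` and `sha256sum`; the names `make_baseline`, `check_baseline`, `BASELINE_DIRS` and the paths in the usage comment are assumptions made for illustration.

```shell
#!/bin/sh
# Added illustration: a hash baseline stored on trusted media and checked
# against a mounted root with the live system's tools. Not rkhunter's format.
# Usage from the live system (hypothetical paths):
#   make_baseline  /mnt/target /media/usb/props.db   # while the system is known good
#   check_baseline /mnt/target /media/usb/props.db   # later, booted from live media

# Directories, relative to the target root, to record (constructed default).
BASELINE_DIRS="${BASELINE_DIRS:-bin sbin usr/bin usr/sbin}"

# make_baseline ROOT DBFILE: write "hash  relative/path" for every regular file.
make_baseline() {
    ( cd "$1" || exit 1
      for d in $BASELINE_DIRS; do
          [ -d "$d" ] && find "$d" -type f -exec sha256sum {} +
      done | sort -k 2 ) > "$2"
}

# check_baseline ROOT DBFILE: print CHANGED/NEW/MISSING paths.
# Returns 0 if the tree matches the baseline, 1 if it differs, 2 on error.
check_baseline() {
    cb_now=$(mktemp) || return 2
    make_baseline "$1" "$cb_now" || { rm -f "$cb_now"; return 2; }
    cb_report=$(awk '
        { path = substr($0, 67) }        # 64 hex digits + 2 separator chars
        FILENAME == ARGV[1] { old[path] = $1; next }   # trusted baseline
        { seen[path] = 1
          if (!(path in old))        print "NEW " path
          else if (old[path] != $1)  print "CHANGED " path }
        END { for (p in old) if (!(p in seen)) print "MISSING " p }
    ' "$2" "$cb_now")
    rm -f "$cb_now"
    [ -z "$cb_report" ] && return 0
    printf '%s\n' "$cb_report"
    return 1
}
```

As with the live CD or USB stick described in the message, the baseline has to be regenerated after each software update, otherwise every updated binary shows up as CHANGED.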