On 2011-11-11 12.22, John Horne wrote: > It is proposed that at the next release of rkhunter the '-r' > command-line option and the ROOTDIR config file option will be > deprecated. > > The code for these options has not really been maintained for quite some > time (past few years), and as such probably does not do what is > expected. The current code will be removed, and at some future time new > code written to provide similar options (once we have defined what the > options are and are not expected to do). > > If anyone is using either of these options in earnest, then please let > me know within the next few days.
oh no :-( I only just saw this email once I saw that rkhunter from Debian Wheeze did not have the same functionality as rkhunter from Debian Squeeze. I use the ROOTDIR option every day. I use it for 2 things, and I see no fix :-( (no fix while keep using rkhunter 1.4.x) 1) I have a backup server that uses pull rsync over SSH to pull backup all my servers and all data. Once I have transferred the new/changed data to the backup server, I use rkhunter and other tools to scan the backup for bad stuff. And yes, I did actually once see a compromise using this method, but the ISP that hosted the server did also notice that the machine was compromised. But now I can no longer use rkhunter for this :-( 2) I have Linux servers which uses a shared kernel virtualization approach, I use both Linux-Vserver and OpenVZ, but in both of them one can mount the guest filesystem on the virtualization host and then scan that from the "outside" rather than scanning it from inside the guest which possible could be compromised. But now I can no longer use rkhunter for this :-( When are the options coming back? JonB ------------------------------------------------------------------------------ Monitor your physical, virtual and cloud infrastructure from a single web console. Get in-depth insight into apps, servers, databases, vmware, SAP, cloud infrastructure, etc. Download 30-day Free Trial. Pricing starts from $795 for 25 servers or applications! http://p.sf.net/sfu/zoho_dev2dev_nov _______________________________________________ Rkhunter-users mailing list Rkhunter-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/rkhunter-users
