Hi I checked another person's server for them recently. It had been root compromised and had no rootkit checkers or intrusion detection software installed to help diagnosis.
I installed rkhunter through the typical route for that system and ran it without initialising a database. I was thinking this would have at least identified any rootkit on the system but it came back with no rootkit found which didn't really validate my thoughts on the matter. Is it reasonable to assume that rkhunter, run without an initialised database, would still find recognised rootkits? Kind regards lesleyb ------------------------------------------------------------------------------ Managing the Performance of Cloud-Based Applications Take advantage of what the Cloud has to offer - Avoid Common Pitfalls. Read the Whitepaper. http://pubads.g.doubleclick.net/gampad/clk?id=121051231&iu=/4140/ostg.clktrk _______________________________________________ Rkhunter-users mailing list Rkhunter-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/rkhunter-users
