Hi all,
I would like to incorporate some rootkit-checking functionality that I've
written here: http://www.unixist.com/security/detecting-hidden-files.
The tool basically compares the userspace view of the filesystem with
kernel space. The main thing that makes it a bit better than other rootkit
hunters that search for the same hidden files is the fact that it reads the
disk raw. This is in contrast to reading with things like getdents, stat,
etc.
There is a small amount of work yet to be done to make it suitable for
routine use like rkhunter is used currently (via cron). I've noted at least
one in the bitbucket issue tracker.
Thanks,
unixist
_______________________________________________
Rkhunter-users mailing list
Rkhunter-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rkhunter-users