An OSSEC warning was triggered yesterday on an AWS instance. I made a
snapshot of the root volume of that instance.
On a separate, clean instance, I've mounted the snapshot as a read-only
volume. I am trying to analyze that volume. But I can't seem to find a
way to tell rkhunter "here, this is the image of another system, please
scan it for malware".
rkhunter used to have the -r option, but if I try it, it simply says
"The '-r' option is now deprecated." with no further explanation.
What is the current procedure for doing forensic analysis of a disk
snapshot of another system?
--
Florin Andrei
http://florin.myip.org/