On 2017-10-02 15:09, John Horne wrote:
On Mon, 2017-10-02 at 14:31 -0700, Florin Andrei wrote:
rkhunter used to have the -r option, but if I try it, it simply says
"The '-r' option is now deprecated." with no further explanation.
Because it is not really possible to set up RKH to scan other system
types.
When the option was available it did not work at all well, so it was
best to
remove it.
All our instances are generated from the same image, so are the exact
same OS version.
Also, scanning a potentially compromised system from within the same
system - how can I ever really trust the results? All it takes is a
malicious module injected into the kernel and the attacker can basically
go "these are not the droids you are looking for".
--
Florin Andrei
http://florin.myip.org/
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Rkhunter-users mailing list
Rkhunter-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rkhunter-users
