- The rootkit can hook the `kill()` syscall, network-related functions, and file listing operations in order to hide its activities and evade detection.
This should theoretically change the hash of the "kill" command, leading to detection as a generic rootkit. The link you shared shows that this rootkit is a kernel module. Rkhunter does not check kernel modules by default, but this would be a great feature.

Thank you,

Michael Lazin

.. τὸ γὰρ αὐτὸ νοεῖν ἐστίν τε καὶ εἶναι.

On Sun, Dec 10, 2023 at 3:23 PM Brent Clark <brentgclarkl...@gmail.com> wrote:

> Good day Guys
>
> I came across this
>
> https://arstechnica.com/security/2023/12/stealthy-linux-rootkit-found-in-the-wild-after-going-undetected-for-2-years/
>
> Can rkhunter detect / scan for
>
> Diamorphine
> Suterusu
> Rooty
>
> Regards
> Brent
>
> _______________________________________________
> Rkhunter-users mailing list
> Rkhunter-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/rkhunter-users
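Because the thread notes that rkhunter does not check kernel modules by default, here is a cross-view check a defender can run alongside it. It is an added example, not part of the thread and not rkhunter code. It assumes a module that unlinks itself from the module list still leaves its `/sys/module` directory behind, so a module that also removes its sysfs entry will not be caught; the function names and the module name `example_hidden` are hypothetical.

```shell
#!/bin/sh
# Cross-view check: loadable modules visible in sysfs but missing from
# /proc/modules. Added example; names and sample data are constructed.

# hidden_modules [PROC_MODULES_FILE] [SYS_MODULE_DIR]
# Prints one name per line for every loadable module that has a sysfs
# directory but no entry in the module list.
hidden_modules() {
    proc_modules=${1:-/proc/modules}
    sys_module=${2:-/sys/module}
    for dir in "$sys_module"/*/; do
        # Only loadable modules carry an "initstate" attribute; built-in
        # code that merely exposes parameters does not, so skip it.
        [ -e "${dir}initstate" ] || continue
        name=$(basename "$dir")
        # The first field of each /proc/modules line is the module name.
        if ! awk -v m="$name" '$1 == m { found = 1 } END { exit !found }' \
            "$proc_modules"; then
            printf '%s\n' "$name"
        fi
    done
}

# make_fixture DIR: constructed sample data, not taken from a real host.
# "printk" stands in for built-in code, "example_hidden" for a module
# that is present in sysfs but absent from the module list.
make_fixture() {
    mkdir -p "$1/sys/ext4" "$1/sys/e1000" "$1/sys/printk/parameters" \
        "$1/sys/example_hidden"
    echo live > "$1/sys/ext4/initstate"
    echo live > "$1/sys/e1000/initstate"
    echo live > "$1/sys/example_hidden/initstate"
    printf '%s\n' \
        'ext4 1138688 2 - Live 0xffffffffc0a00000' \
        'e1000 180224 0 - Live 0xffffffffc0900000' > "$1/proc_modules"
}

# demo: run the check against the constructed fixture.
demo() {
    tmp=$(mktemp -d) || return 1
    make_fixture "$tmp"
    hidden_modules "$tmp/proc_modules" "$tmp/sys"
    rm -rf "$tmp"
}

demo
```

Calling `hidden_modules` with no arguments runs the same comparison against the live `/proc/modules` and `/sys/module`; any name it prints is a lead to investigate, not proof of a rootkit.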