I would like to test the above-mentioned software together with a few people. They are known, rkhunter in particular, for their false positives and strange results. For beginners: they are so-called rootkit searchers.
I would like to focus on rkhunter first, using this additional information:
1) Before running RKH you will need to fill the file properties database by
running the following command:
rkhunter --propupd
or
sudo rkhunter --propupd
2) The first run of 'rkhunter' after installation may give some warning messages. Please see the FAQ file and the rkhunter mailing list archive posts for more details about this.
3) It is possible for a package manager database to become maliciously
corrupted. To that extent the use of the package manager options with RKH
does not provide any increase in security. However, it may result in less
false-positive warnings of files which have changed. As always RKH can only
report on changes, but not on what has caused the change.
4) Help your fellow Rootkit Hunter users on the rkhunter-users mailing list.
https://lists.sourceforge.net/lists/listinfo/rkhunter-users
Send a copy of an undetected rootkit to us so that it can be added and help others.
5) Intruder Detection Checklist". This is available from
http://web.archive.org/web/20080109214340/http://www.cert.org/tech_tips/intruder_detection_checklist.html
6) Additionally, the '--versioncheck' option of rkhunter itself
will indicate if a new version is available.
I would like to see your logs here, so that I can compare them and analyze any recurring error messages.
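One way to do the log comparison asked for above, as an added example that is not part of the original post: it tallies which rkhunter warnings recur across several testers' logs. The sample logs are constructed, and the "[HH:MM:SS] Warning: ..." line format and the names `warnings_in` and `recurring_warnings` are assumptions of this example.

```python
import re
from collections import Counter

# Constructed sample logs, one per tester (not real output from anyone's machine).
# Assumed line format: "[HH:MM:SS] Warning: <message>".
SAMPLE_LOGS = {
    "tester_a": """\
[10:01:30] Info: Starting test name 'properties'
[10:01:32] Warning: The command '/usr/bin/lwp-request' has been replaced by a script
[10:01:40] Warning: Hidden directory found: /dev/.udev
[10:01:41] Warning: Hidden directory found: /dev/.udev
""",
    "tester_b": """\
[22:15:02] Warning: The command '/usr/bin/lwp-request' has been replaced by a script
[22:15:09] Warning: Hidden file found: /dev/.initramfs
""",
    "tester_c": """\
[07:44:10] Info: Starting test name 'filesystem'
[07:44:11] Warning: Hidden directory found: /dev/.udev
[07:44:12] Warning: The command '/usr/bin/lwp-request' has been replaced by a script
""",
}

WARNING_RE = re.compile(r"^\[\d{2}:\d{2}:\d{2}\]\s+Warning:\s*(.+)$")


def warnings_in(log_text):
    """Return the set of distinct warning messages in one log (timestamps dropped)."""
    found = set()
    for line in log_text.splitlines():
        match = WARNING_RE.match(line)
        if match:
            found.add(match.group(1).strip())
    return found


def recurring_warnings(logs, min_hosts=2):
    """List (message, host_count) for warnings seen on at least min_hosts logs.

    A warning that recurs on many machines is a candidate false positive to
    look into first; rkhunter reports the change, not what caused it.
    """
    counts = Counter()
    for text in logs.values():
        counts.update(warnings_in(text))  # each host counts once per message
    hits = [(msg, n) for msg, n in counts.items() if n >= min_hosts]
    return sorted(hits, key=lambda item: (-item[1], item[0]))


if __name__ == "__main__":
    for message, hosts in recurring_warnings(SAMPLE_LOGS):
        print(f"{hosts} hosts: {message}")
```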