Anti-Rootkit in Linux?


Ocky
January 2nd, 2008, 11:12 AM
Is it less 'important' to have ARK software in Linux than in Windows?
For Linux there seem to be 2 favourites, viz. chkrootkit and Rootkit Hunter,
with chkrootkit seemingly more user friendly.

Linux users, have you installed either one or the other and if so
which one do you recommend - or would you say totally unnecessary
(reasons please)?

Regards.

Mrkvonic
January 2nd, 2008, 12:19 PM
Hello,
Tried them both. You don't need them. Why?
Because you install software from official repositories. There's no reason for you to look for random sources or packages across the web. Everything comes neatly together in official repos. Sometimes you might download a thing here or there that is not included in the official repositories, but just stick to official sites of the programs in question, check sums and you'll be fine.
Mrk

Kerodo
January 2nd, 2008, 12:23 PM
Yep, agree 100% with Mrkvonic, there's just no need for any of that stuff in Linux.

Trespasser
January 2nd, 2008, 01:45 PM
About the only thing I install outside the repos of the distro I may be using at a given time is the latest version of Wine (from WineHQ) or the latest ATI driver from AMD's website (both very trustworthy).

Diver
January 2nd, 2008, 11:11 PM
Most attacks on Linux systems are on servers. The Linux desktop share is so small malware writers simply do not bother with it.

Ocky
January 3rd, 2008, 06:24 AM
Thanks for your posts. One thing I noticed in Ubuntu Linux is that
apparmor is installed and loaded in Gutsy (sudo apparmor_status).
However I am not sure what protection it specifically offers, and whether
or not one can/needs to configure it.

Kerodo
January 3rd, 2008, 06:27 PM
I know it comes installed in SuSE 10.3 by default, but I didn't know it was in Ubuntu 7.10 out of the box(?). News to me....

No idea how to do it, but I would think that it is configurable to some extent or other...

Ocky
January 4th, 2008, 05:24 AM
-{ Quote: "I know it comes installed in SuSE 10.3 by default, but I didn't know it was in Ubuntu 7.10 out of the box(?). News to me...." }-

http://en.wikipedia.org/wiki/AppArmor

-{ Quote: "AppArmor was first used in Immunix Linux 1998-2003. AppArmor was first made available in SUSE and openSUSE, and was first enabled by default in SUSE Linux Enterprise Server 10 and in openSUSE 10.1. AppArmor was first successfully ported/packaged for Ubuntu in April of 2007. AppArmor comes installed default in Ubuntu 7.10 Gutsy Gibbon, and will come as a part of the future release of Ubuntu 8.04." }-

https://help.ubuntu.com/community/AppArmor

As a newbie to anything Linux, I think it's better not to touch it at this stage.
Just wondering whether the default profile config. provides a certain
level of protection.
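
Added example, not part of the original thread: AppArmor only restricts programs that have a loaded profile, and only profiles in enforce mode block access (complain mode just logs). The kernel lists loaded profiles as "name (mode)" lines in /sys/kernel/security/apparmor/profiles; the script below summarises such a list. The function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise AppArmor profile modes from the kernel's list.
# Each line has the form "<profile name> (<mode>)".
# Reading the real file usually requires root.
APPARMOR_PROFILES=/sys/kernel/security/apparmor/profiles

# summarize_profiles [FILE]
# Prints "enforce=N complain=N other=N" for the given profile list.
summarize_profiles() {
    awk '
        /\(enforce\)$/  { e++; next }
        /\(complain\)$/ { c++; next }
        NF              { o++ }
        END { printf "enforce=%d complain=%d other=%d\n", e, c, o }
    ' "${1:-$APPARMOR_PROFILES}"
}

# list_mode MODE [FILE]
# Prints the names of the profiles loaded in MODE, one per line.
list_mode() {
    awk -v m="($1)" '
        substr($0, length($0) - length(m) + 1) == m {
            print substr($0, 1, length($0) - length(m) - 1)
        }
    ' "${2:-$APPARMOR_PROFILES}"
}

# Constructed sample input (hypothetical profile names, not from a real system).
make_sample() {
    cat <<'EOF'
/usr/sbin/example-printd (enforce)
/usr/lib/example/backend-pdf (enforce)
/usr/sbin/example-daemon (complain)
EOF
}

# Demo on the constructed sample; call the functions without a file
# argument (as root) to inspect the running system instead.
sample=$(mktemp)
make_sample > "$sample"
summarize_profiles "$sample"
echo "Profiles that only log (complain mode):"
list_mode complain "$sample"
rm -f "$sample"
```

A program that does not appear in the list at all runs unconfined, so the enforce count shows how much of the system the default configuration actually covers.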