I believe it's better for rkhunter to be initialised on a fresh install, but I think it also checks for the existence of files known to be part of a rootkit. Admittedly of minor value.
The thing *not* to do with an infected system is initialise the rkhunter db. Lesley Yes but this is only the case when rkhunter was active before. AFAIK rkhunter itself has no signatures, it generates the initial checksumms on first start. Mit freundlichen Grüßen / best regards, Kevin Olbrich. Web: http://kevin-olbrich.de/ -- *Diese E-Mail enthält vertrauliche und/oder rechtlich geschützte Informationen. Wenn Sie nicht der richtige Adressat sind und/oder diese E-Mail irrtümlich erhalten haben, informieren Sie bitte sofort den Absender und vernichten Sie diese Mail. Das unerlaubte Kopieren sowie die unbefugte Weitergabe dieser Mail ist nicht gestattet.* Am 23.01.2014 um 00:22 schrieb NOKUBI Takatsugu <k...@daionet.gr.jp>: At Wed, 22 Jan 2014 19:47:27 +0700, Andika Triwidada wrote: On Wed, Jan 22, 2014 at 7:37 PM, Nico Angenon <n...@creaweb.fr> wrote: the same...no output.... could be hidden by rootkit :( I think so too. Could you try to use debsum and rkhunter? It would find cracked commands. -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/87ob3338mc.wl%k...@daionet.gr.jp
