Rkhunter does find patterns of known rootkits, but it also finds indicators like memory anomalies, like I mentioned, and it logs each file change from the install; this is why ideally you should install it in a fresh system. Thanks.
Michael Lazin

On Sun, May 8, 2022 at 3:45 PM <estel...@elstel.org> wrote:

> On 08.05.2022 at 20:43, estel...@elstel.org wrote:
> > P.S.: A memory only rootkit would still need a hook to reinstall on a
> > fresh boot.
>
> Yes I know it is an issue. Debcheckroot does f.i. not check your
> initrd. To fix this issue I would need to program an own piece of
> software like debcheckinitrd. Anyone who wants to support me can do
> this: https://www.elstel.org/Contact.html. I am a free developer and I
> do not get paid for my open source related work.
>

--
Michael Lazin

.. τὸ γὰρ αὐτὸ νοεῖν ἐστίν τε καὶ εἶναι.