On Sat, Nov 27, 2010 at 3:38 PM, Brian <[email protected]> wrote: > Your course of action will depend on the confidence you place in > rkhunter. Mine is zero, but if your reading of its reports is convincing > and you think it tells you anything important about your system your > only option is to reinstall. Not because there is anything untoward > about the server but because you you have entered a state of insecurity. > If chkrootkit was installed after your problems appeared its logs are > valueless.
IMHO, it's another tool in the toolbox. The secret is that you need to be using multiple tools, and employing them in such a way that if one is defeated, that action should set off at least one other one. > Then you could ask yourself: there are over 1,000 million computers on > the internet; why me? Easy target or low-hanging fruit. Scriptkiddies will tend to scan for a specific exploit, and scan large blocks of addresses. His server probably showed up in a scan. > > -- > To UNSUBSCRIBE, email to [email protected] > with a subject of "unsubscribe". Trouble? Contact [email protected] > Archive: http://lists.debian.org/20101127203853.gm20...@desktop > > -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/[email protected]
