  1. #1

    Chkrootkit and RKHunter

    I have installed RKHunter, but I have read much about chkrootkit here. I also found a thread with advice to install both.

    My question is, do I need to install chkrootkit if I already have rkhunter? Would it be too redundant since they pretty much do the same thing?

    Sam

  2. #2
    Greetings Sam:

    We recommend to our customers to use both; while the goal for both programs is the same, they go about it in different ways.

    We've seen cases where chkrootkit finds something rkhunter doesn't and vice versa.

    Thank you.
    ---
    Peter M. Abraham

  3. #3
    Thanks, it's good to know.

    Sam

  4. #4
    yup! 'dynamicnet' is right..it's advisable to use both the programs. BTW you can check the following url to learn more about the chkrootkit setup..

    http://www.webhostgear.com/index.php?art/id:25

  5. #5
    the real Q is y do u want to run this tool?
    do u think there's a RK installed on ur servers?
    if so i think u should start looking for the hole
    if u need any help I'll be glad to help you on that

  6. #6
    Thanks for the plugs...oops...thanks for the advice, guys!

    I don't have a hole....yet. Just wondering why more people are talking about chkrootkit, even though rkhunter seems to do the job, and even better.

    Sam

  7. #7
    Originally posted by securehost
    the real Q is y do u want to run this tool?
    do u think there's a RK installed on ur servers?
    if so i think u should start looking for the hole
    if u need any help I'll be glad to help you on that
    Why do you want to run this tool?
    That's got to be the craziest statement of the day, that I've seen so far.

    These two tools are imperative in the security area, and provide excellent layers of security for individuals. This isn't designed JUST for servers that have been attacked, owned, or whatever, this is designed to tell you if there's a problem, and to make sure you know what's going on with it.

    As far as rkhunter or chkrootkit? I don't use "both", they both pretty much do the same thing. I stick with rkhunter, as it's more accurate, and from what I've seen does a much more thorough job.

  8. #8
    Hee hee hee hee,

    A mixed message again. I thought I would get a clearer opinion.

    The reason I asked was because I thought some people just tried to do everything that is posted on WHT for security and ended up installing both.

    Come on Linux-tech, these people are just out here fishing for a customer. Be kind to them. This is a fishing area anyway, isn't it? And his point is not that crazy. Years ago I did start to install the chkrootkit after I was hacked. I am sure we all learned by being hacked.

    Now, after earning some confidence, I am back to the world of un-managed servers. This time I am trying to be very careful. Who knows, like you guys, I might end up becoming an expert and earn some server admin money on the side.

    Sam

  9. #9
    chkrootkit at least on BSD is broken so badly, it is not worth using.

    I liked rkhunter, but so far no problems so I can't tell if it is really effective (I should run a test, eh!)

    however, I run both chkrootkit & rkhunter, but rkhunter should be more than sufficient
    Reliability Performance Integrity

  10. #10
    Good signature,

    "Integrity" is what really counts, isn't it?

    Sam

  11. #11
    "Integrity" is what really counts, isn't it?
    If we have no integrity, we have no principles, right?

    Years ago I did start to install the chkrootkit after I was hacked. I am sure we all learned by being hacked.
    rkhunter nor chkrootkit nor an experienced admin can help you when you've already been hacked. The trick to security is to not be hacked in the first place.

    chkrootkit will let you know that you 'have already' been hacked, tough luck! You need solid security policies and active monitoring to minimize the possibility of being hacked

  12. #12
    This is a fishing area anyway, isn't it?
    Nope. To many it may appear to be so, but advertisers are not allowed to "fish" out of the advertisement areas (by fishing, I mean posting ads, respond with something like "we can help fix that").

    rkhunter nor chkrootkit nor an experienced admin can help you when you've already been hacked. The trick to security is to not be hacked in the first place.
    THAT is incorrect, I hate to say it.
    If you've run any online business for any time, you're going to get hacked, end of statement. The difference is KNOWING you're hacked, and how to recover from it, and the SPEED you recover from it.

    If you run any sort of online anything, it's going to be hacked, inevitably. Yes, you can try to keep it from being so, but eventually, either through applications or something else, it's going to happen. The only guaranteed way to prevent it is to shut the server down, remove all cables, keyboard and monitor.

  13. #13
    chkrootkit will let you know that you 'have already' been hacked, tough luck!
    It serves as a fire alarm system, so that we can evacuate sooner, and start disaster recovery faster, before the datacenter pulls the plug because the hacker uses my server to send out packets to other servers in the datacenter.

    I have done most of the hardening and that's why I am here checking out what I haven't done yet. I still need to install snort.

    Sam

  14. #14
    but eventually, either through applications or something else, it's going to happen
    That's part of life in the wild wild web, isn't it?

    Sam
