[clue-tech] Rootkit Hunter
Chris Dos
chris at chrisdos.com
Fri Dec 31 09:53:13 MST 2004
Jed S. Baer wrote:
> Anyone used this?
>
> http://www.rootkit.nl/projects/rootkit_hunter.html
>
> At first glance, it sounds as if it'd be redundant with Tripwire. But
> maybe multiple scanning tools would be good -- the "belt and suspenders"
> approach.
>
> jed
I take care of a lot of servers and I happend to find this tool:
http://rfc.sourceforge.net/
I have one master server that connects to all of my other servers, performs
the checks on the other servers, and then e-mails me a report once a day.
Personally, I prefer AIDE over any other file system checker. Though all
the checkers that it provides I feel is much better than Tripwire. The
beauty of RFC is that it doesn't keep any database information on the
clients. It's only kept on the master server.
Chris
More information about the clue-tech
mailing list