[clue-tech] Rootkit Hunter

mike mikeb at wispertel.net
Fri Dec 31 10:08:50 MST 2004


It is also interesting that osiris has a Windows binary installer for 
those who need to protect those Windows boxes.
I have also been testing Firestarter on my Debian system, and it 
works well as a first line of defense. Look at the firewall rules it 
sets up by default. Then tighten them down to personal specs. It 
also has good docs.
http://www.fs-security.com/
-mike

> Jed S. Baer wrote:
>
>> Anyone used this?
>>
>> http://www.rootkit.nl/projects/rootkit_hunter.html
>>
>> At first glance, it sounds as if it'd be redundant with Tripwire. But
>> maybe multiple scanning tools would be good -- the "belt and suspenders"
>> approach.
>
>
> I haven't used it, but it's only a useful addition if it doesn't share 
> failure modes with Tripwire.  For example, if both run from cron and 
> attackers typically disable Tripwire by disabling cron then you 
> haven't really gained anything.  Obviously that's simplistic but it's 
> worth thinking about.
>
> I'd recently heard about osiris (http://osiris.shmoo.com/) as a better 
> tripwire.  Might be worth looking at.
>
> Dave



