Wednesday, December 9, 2015

linux - Anti-Rootkit programs




What program do you use for detecting Rootkits? How do you know what to trust?


Answer



On Unix-based systems, Tripwire is a good general "what changed on this machine today?" solution. There are other, more specific rootkit detectors out there, but I've always thought that it was a matter of playing catch-up with the bad guys; you'll never be sure that your rootkit detector is up-to-date enough to catch all of 'em.

