chkrootkir LKM Trojan ?
ubuntu at rio.vg
ubuntu at rio.vg
Tue Jul 18 20:26:31 UTC 2006
Brian McKee wrote:
> On 17/07/06, boricua <boricua at despiertapr.com> wrote:
>
>> how do u know rkhunter was not comprimise
>
> rkhunter does check itself as it's first step !
>
...
Think about that for a moment.
Let's say I write a rootkit that is rkhunter-aware. It searches out
rkhunter, and modifies it when found. What do you think my first change
to rkhunter will be?
More information about the ubuntu-users
mailing list