Security automation with rkhunter
Release Lags
If you examine the rkhunter project, you may notice that the latest release, version 1.4.6, was released two years ago. In addition, recent traffic on the project forums is rarely more than a few posts per month from only half a dozen people or so. Such evidence may lead you to wonder how current rkhunter is, and whether there is recent malware that it does not cover.
However, this concern seems to be groundless. A web search immediately reveals that the long time between releases has done little to stop rkhunter's use. After 14 years of development, rkhunter is a mature script, with a comprehensive awareness of different intrusion methods. Quite simply, there may be little left to add to rkhunter. Moreover, even if the current version does not cover a particular rootkit, rkhunter's other tests, such as changes in key files, can probably detect evidence of a new rootkit, if not the particular kit.
However, if this release schedule disturbs you, you may prefer to run an alternative such as chkrootkit. But while administrators should keep themselves aware of new rootkits, on the whole, rkhunter remains a useful tool, especially if you follow up on its checks and examine its log in detail. Use it in cautious but good health.
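One way to follow up on the log, as an added example that is not part of the original article or the rkhunter project: the function below folds each `Warning:` entry and its indented detail lines into a single line for review or alerting. The log layout it expects and the sample log are assumptions constructed for illustration; `rkh_warnings` and `sample_log` are hypothetical names.

```shell
#!/bin/sh
# Summarise warnings from an rkhunter log, one output line per warning:
#   HH:MM:SS|warning text|detail; detail; ...
# Assumed layout: "[HH:MM:SS] Warning: text", then "[HH:MM:SS]      detail"
# continuation lines; per-file result lines end in a "[ OK ]"-style tag.
rkh_warnings() {
    awk '
    function emit() {
        if (msg != "") print ts "|" msg (det != "" ? "|" det : "")
        msg = ""; det = ""
    }
    {
        ts_cur = substr($0, 2, 8)           # time inside the brackets
        body = $0
        sub(/^\[[0-9:]+\] ?/, "", body)     # strip the "[HH:MM:SS] " prefix
    }
    body ~ /^Warning: / {                   # a new warning starts here
        emit(); ts = ts_cur; msg = substr(body, 10); next
    }
    # Deeply indented lines after a warning are its details, unless they
    # are per-file result lines ending in a status tag.
    msg != "" && body ~ /^   +[^ ]/ && body !~ /\[ [A-Za-z ]+ \]$/ {
        sub(/^ +/, "", body)
        det = (det == "" ? body : det "; " body); next
    }
    { emit() }                              # any other line closes the warning
    END { emit() }
    ' "$@"
}

# Constructed sample log (not real scan output).
sample_log() {
cat <<'EOF'
[12:00:01] Info: Starting test name 'properties'
[12:00:01]   /usr/bin/awk                                    [ OK ]
[12:00:02]   /usr/bin/curl                                   [ Warning ]
[12:00:02] Warning: The file properties have changed:
[12:00:02]          File: /usr/bin/curl
[12:00:02]          Current inode: 131 Stored inode: 977
[12:00:03]   /usr/bin/wget                                   [ OK ]
[12:00:09] Warning: Hidden directory found: /dev/.example
[12:00:10] Info: End of constructed sample
EOF
}

sample_log | rkh_warnings
```

To run it against a real scan, pass the log path as the argument, for example `rkh_warnings /var/log/rkhunter.log` (the location varies by distribution).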
Infos
- Rootkit Hunter: http://rkhunter.sourceforge.net/