Re: [Rkhunter-users] root kit not found when run with uninitialised db
From: 'lesleyb' <le...@he...> - 2014-02-11 10:47:42
On Sat, Feb 08, 2014 at 11:10:23PM +0000, John Horne wrote:
> On Sat, 2014-02-08 at 22:11 +0000, 'lesleyb' wrote:
> >
> > I was thinking this would have at least identified any rootkit on the system
> > but it came back with no rootkit found which didn't really validate my thoughts
> > on the matter. Is it reasonable to assume that rkhunter, run without an
> > initialised database, would still find recognised rootkits?
> >
> Yes. The database is only used for the file properties checks.
>

Okay John, thanks for that.

As the server was compromised there might be features that could be useful to add to rkhunter? How should I proceed?

Kind regards

Lesley