[Rkhunter-users] making sense of rootkits and rkhunter
From: <dol...@hu...> - 2011-11-20 07:51:22
Hi, newbie and beginner here (to Linux, rkhunter, and computers in general).

I've been reading up on rootkits via Google, but there's so much on detection and removal and almost nothing on how they get into a computer, or how much of a threat they are to Linux users - are new ones being created every year? Are they as rare as Linux viruses? Are Linux servers more targeted than home users? I know they can be hidden in applications, but is installing them also as easy as, say, clicking on a link or having a pop-up ad getting past your defenses, or accidentally going to a site marked as red by WOT - and you're still screwed even if you get out quickly?

On RKHunter: I scanned with rkhunter the first time after reinstalling it, and I got a warning for rkhunter itself:

[15:13:26] Warning: The file properties have changed:
[15:13:26] File: /usr/bin/rkhunter
[15:13:26] Current inode: 2753106 Stored inode: 2760035

The first time I installed it, I got different warnings

/usr/bin/mail [ Warning ]
/usr/bin/bsd-mailx [ Warning ]

which disappeared since I removed Thunderbird.

What is an inode? I'm reading the CERT Intruder Detection list and...is there a For Dummies version of this?

Using Linux Mint 11, by the way.

-persian