rkhunter sshd warning
Patrick O'Callaghan
pocallaghan at gmail.com
Wed Mar 19 09:36:50 UTC 2014
On Wed, 2014-03-19 at 01:00 -0700, Wolfgang S. Rupprecht wrote:
> Patrick O'Callaghan <pocallaghan at gmail.com> writes:
> > On Sun, 2014-03-16 at 15:04 -0700, Wolfgang S. Rupprecht wrote:
> >> A clever intruder is just going to wait until a batch of changes
> goe
> >> out and then add their trojan.
> >
> > Of course you check the hash signatures on those downloads, right?
>
> Yes, but in a haphazard, infrequent manner. The whole point of
> me installing rkhunter was to automate detection of trojans. If I'm
> going to have to check the hashes myself, what is rkhunter bringing to
> the party?
Your earlier comment was about a possibly trojaned rkhunter. The way to
guard against that is by checking the hash of the checker. You don't
have to check every hash, but if you aren't checking the hash of
rkhunter itself, the whole exercise is more about feel-good security
than real security. Same applies to any security checking tool.
poc
More information about the users
mailing list