Which anti-rootkit tools do you use on your servers? I have tried chkrootkit and rkhunter, although in the end I use rkhunter, which seems a bit more complete to me.
chkrootkit:
http://www.chkrootkit.org
$ chkrootkit -l
/usr/sbin/chkrootkit: tests: aliens asp bindshell lkm rexedcs sniffer w55808 wted scalper slapper z2 chkutmp OSX_RSPLUG amd basename biff chfn chsh cron crontab date du dirname echo egrep env find fingerd gpm grep hdparm su ifconfig inetd inetdconf identd init killall ldsopreload login ls lsof mail mingetty netstat named passwd pidof pop2 pop3 ps pstree rpcinfo rlogind rshd slogin sendmail sshd syslogd tar tcpd tcpdump top telnetd timed traceroute vdir w write
rkhunter:
http://www.rootkit.nl/
$ rkhunter --list
Available test names:
additional_rkts all apps attributes avail_modules deleted_files
filesystem group_accounts group_changes hashes hidden_procs immutable
known_rkts loaded_modules local_host malware network none
os_specific other_malware packet_cap_apps passwd_changes ports possible_rkt_files
possible_rkts possible_rkt_strings promisc properties rootkits running_procs
scripts shared_libs shared_libs_path startup_files startup_malware strings
suspscan system_commands system_configs trojans