
Not a Silver Bullet

Posted by: Anonymous Coward on April 09, 2004 07:59 PM
Rootkit detectors are certainly useful, but no matter what you have they cannot replace good sense.

If you're connected to the internet, a firewall is a given. If your server is not listening on anything, then you are at a very low risk. If you are listening, see if you can use your firewall to lock down your ports to a particular IP address or range and drop everything else. If you have a web server open, then look at partitioning this potential risk off and research chroot jails. Patching sometimes becomes important, because you are relying on that bit of software.

Research intrusion detection, and use rootkit detectors, but beware - they are not foolproof and can give false alarms or not raise the alarm when something is there. Browse your tmp, var and other filesystems every so often and look at the processes your server is running. Is there anything unusual there?

Software like rootkit finders and intrusion detectors are not a solution to anything.
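
The manual review the comment recommends (browsing tmp and var, looking at running processes) can be made repeatable with a small helper; this is an added example, not part of the original comment. The function names `review_dir` and `deleted_exe_procs` are hypothetical, the process check assumes a Linux `/proc`, and the output is a list for a human to judge, not a verdict.

```shell
#!/bin/sh
# Added example: helpers for a periodic manual review.
# They only report candidates; a clean run proves nothing, since a
# kernel-level rootkit can hide files and processes from these tools.

# review_dir DIR: flag entries under DIR that deserve a human look.
review_dir() {
    dir=$1
    # Hidden files and directories (names starting with a dot).
    find "$dir" ! -path "$dir" -name '.*' 2>/dev/null | sed 's/^/HIDDEN /'
    # Regular files with any execute bit set; unusual in tmp/var trees.
    find "$dir" -type f \( -perm -100 -o -perm -010 -o -perm -001 \) \
        2>/dev/null | sed 's/^/EXEC /'
    # setuid or setgid regular files.
    find "$dir" -type f \( -perm -4000 -o -perm -2000 \) \
        2>/dev/null | sed 's/^/SUID /'
}

# deleted_exe_procs: list processes whose on-disk binary has been
# removed. Linux reports this as "<path> (deleted)" on /proc/PID/exe.
# Package upgrades also cause this, so expect false alarms.
deleted_exe_procs() {
    for p in /proc/[0-9]*; do
        target=$(readlink "$p/exe" 2>/dev/null) || continue
        case $target in
            *' (deleted)') echo "DELETED-EXE ${p#/proc/} $target" ;;
        esac
    done
}

# Typical use, run as root so every /proc/PID/exe is readable:
#   review_dir /tmp; review_dir /var/tmp; deleted_exe_procs
```

Saving each run's output and diffing it against the previous one makes "is there anything unusual" a question about changes rather than about the whole listing.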

