Posted by: Anonymous Coward
on April 09, 2004 07:59 PM
Rootkit detectors are certainly useful, but no matter what you have they cannot replace good sense.
If you're connected to the internet, a firewall is a given. If your server is not listening on anything, then you are at a very low risk. If you are listening, see if you can use your firewall to lock down your ports to a particular IP address or range and drop everything else. If you have a web server open, then look at partitioning this potential risk off and research chroot jails. Patching sometimes becomes important, because you are relying on that bit of software.
Research intrusion detection, and use rootkit detectors, but beware - they are not fullproof and can give false alarms or not raise the alarm when something is there. Browse your tmp, var and other filesystems every so often and look at the processes your server is running. Is there anything unusual there?
Software like rootkit finders and intrusion detectors are not a solution to anything.