As an afterthought, what I would recommend, is taking a look at Zeppoo(
zeppoo.net). FYI, zeppoo is 2.6 only.
>From the docs:
"Zeppoo allows you to detect rootkits on the i386 architecture under Linux
by using /dev/kmem and /dev/mem. It can also detect hidden tasks, modules,
syscalls, some corrupted symbols, and hidden connections. Anti-Rootkits
which don't use these methods can be fooled easily."
Also of interest,
Bypassing Chkrootkit(translated):
http://translate.google.com/translate?u=http%3A%2F%2Fwww.zeppoo.net%2Farticles%2FBypasserChkrootkit&langpair=fr%7Cen&hl=en&ie=UTF-8&oe=UTF-8&prev=%2Flanguage_tools
---------------------------------------------------
PLUG-discuss mailing list -
PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change you mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
(text/plain)