The officially official Devuan Forum!


#1 2022-11-19 15:37:59

Altoid
Member
Registered: 2017-05-07
Posts: 1,429  

[SOLVED] System check/audit/rootkit tools

Hello:

Every so often and maybe not as regularly as I should, I run chkrootkit, rkhunter and lynis.
Always come up clean, or so it seems.

This is what I have installed:

~$ apt-cache policy chkrootkit && apt-cache policy rkhunter && apt-cache policy lynis
chkrootkit:
  Installed: 0.52-3+b10
  Candidate: 0.52-3+b10
  Version table:
 *** 0.52-3+b10 500
        500 http://deb.devuan.org/merged beowulf/main amd64 Packages
        100 /var/lib/dpkg/status
rkhunter:
  Installed: 1.4.6-5
  Candidate: 1.4.6-5
  Version table:
 *** 1.4.6-5 500
        500 http://deb.devuan.org/merged beowulf/main amd64 Packages
        500 http://deb.devuan.org/merged beowulf/main i386 Packages
        100 /var/lib/dpkg/status
lynis:
  Installed: 2.6.2-1
  Candidate: 2.6.2-1
  Version table:
 *** 2.6.2-1 500
        500 http://deb.devuan.org/merged beowulf/main amd64 Packages
        500 http://deb.devuan.org/merged beowulf/main i386 Packages
        100 /var/lib/dpkg/status
~$ 

Now, when I check available versions on-line I find that lynis seems to be the one with most active development, the latest version being 3.0.8 from last June while chkrootkit latest is at version 0.55 from June last year.

See https://cisofy.com/downloads/lynis/ and http://www.chkrootkit.org/

By comparison, rkhunter version 1.4.6 does not seem to have had any work done since 1.4.6 (2018).

See https://rkhunter.sourceforge.net/

My Beowulf installation runs on a backported kernel:

~$ uname -a
Linux devuan 5.10.0-0.deb10.16-amd64 #1 SMP Debian 5.10.127-2~bpo10+1 (2022-07-28) x86_64 GNU/Linux
~$ 

But there are no Beowulf backports of any of these tools, not even for lynis, but the Chimaera repository has version 3.0.2-1 available.

Would it work on my backported system?
If so, how can I install it without making a mess?

Thanks in advance.

Best,

A.

Last edited by Altoid (2022-11-19 15:39:43)


#2 2022-11-19 16:07:28

steve_v
Member
Registered: 2018-01-11
Posts: 342  

Re: [SOLVED] System check/audit/rootkit tools

I don't have a beowulf install to play with right now... But lynis appears to have very few dependencies, so it should be amenable to a simple local backport. That's far less likely to make a mess than trying to install the chimaera binary package anyway.

The real question is why... Is there actually some change that you need, or is it just "newer must be better"?

OTOH, you could just dist-upgrade to stable. You're going to sooner or later, and this might be a suitable excuse to get on with it.


Once is happenstance. Twice is coincidence. Three times is enemy action. Four times is Official GNOME Policy.


#3 2022-11-19 16:39:38

Altoid
Member
Registered: 2017-05-07
Posts: 1,429  

Re: [SOLVED] System check/audit/rootkit tools

Hello:

steve_v wrote:

...lynis appears to have very few dependencies ...
... amenable to a simple local backport

Thanks for the heads up.
I'll check it out.

steve_v wrote:

... some change that you need ...

I really don't know if I need it.
Because I don't know how much the threat scenario has evolved.

If it has evolved (high probability), it stands to reason that a newer version would address it.

steve_v wrote:

... just "newer must be better"?

Me?  8^D
Been in this far too long for that.

steve_v wrote:

... could just dist-upgrade to stable.

Yes, I could.

But first I have to make 100% sure my nvidia cards will work properly and I will still be able to use slim and wicd, among other old stuff I have installed and then comfortably get rid of the POS that Xfce is slowly turning into to get myself a set up like what Phillip Newborough's #! Waldorf* was.

* which I think should be the default template for both Devuan desktop-live and installer-iso versions.

steve_v wrote:

... going to sooner or later ...

Yes, I know. 8^°

Thanks a lot for your input.

Best,

A.


#4 2022-11-19 19:01:20

Altoid
Member
Registered: 2017-05-07
Posts: 1,429  

Re: [SOLVED] System check/audit/rootkit tools

Hello:

steve_v wrote:

... appears to have very few dependencies ...
... less likely to make a mess than trying to install the chimaera binary package ...

I marked this thread as solved as I was able to update lynis without much ado or issues.
It runs properly as far as I can see, at least for the time being.

The solution is here.
Basically it involves importing a key and adding the CISOfy software repository to /etc/apt/sources.list.

Will eventually look into chkrootkit to see if the same thing can be done.
It looks like rkhunter has probably been abandoned so I will remove it.

Best,

A.
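
An added example, not part of the original posts and not CISOfy's own instructions: one way to stage the "import a key, add the repository" step from post #4 so that the vendor key is trusted for that repository only and the repository can supply nothing but lynis. The repository URL is assumed from CISOfy's published setup instructions and should be checked against them; the keyring path and file names are hypothetical.

```shell
#!/bin/sh
# Added example: stage apt configuration for a single-package third-party repo.
# ASSUMPTIONS (verify against the vendor's current instructions before use):
REPO_URL="https://packages.cisofy.com/community/lynis/deb/"
REPO_HOST="packages.cisofy.com"
# Hypothetical location for the vendor key. Fetch the key over HTTPS, compare
# its fingerprint with the one the vendor publishes, then store it here in
# binary (dearmored) form. It is deliberately kept out of apt's global trust
# store so it cannot vouch for packages from any other repository.
KEYRING="/usr/share/keyrings/cisofy-archive-keyring.gpg"

# Source line: signed-by ties this repository to the one keyring above.
lynis_source_line() {
    printf 'deb [signed-by=%s] %s stable main\n' "$KEYRING" "$REPO_URL"
}

# Pin stanzas: lynis may be installed from this origin, every other package
# from it is refused (-1). The lynis stanza comes first so it wins regardless
# of how the installed apt version orders matching records. At priority 500
# it ties with the distribution's own lynis, so the higher version is chosen.
lynis_pin_stanzas() {
    printf 'Package: lynis\nPin: origin %s\nPin-Priority: 500\n\n' "$REPO_HOST"
    printf 'Package: *\nPin: origin %s\nPin-Priority: -1\n' "$REPO_HOST"
}

# Write both files below an optional root prefix. Pass a scratch directory to
# review the result first; with no argument the real /etc/apt is used.
stage_lynis_repo() {
    root="${1:-}"
    mkdir -p "$root/etc/apt/sources.list.d" "$root/etc/apt/preferences.d" || return 1
    lynis_source_line > "$root/etc/apt/sources.list.d/cisofy-lynis.list" || return 1
    lynis_pin_stanzas > "$root/etc/apt/preferences.d/cisofy-lynis" || return 1
}
```

After staging into the real tree and running apt-get update, the apt-cache policy lynis command used in post #1 shows which origin and version would be installed.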
