Hello:
Every so often and maybe not as regularly as I should, I run chkrootkit, rkhunter and lynis.
Always come up clean, or so it seems.
This is what I have installed:
~$ apt-cache policy chkrootkit && apt-cache policy rkhunter && apt-cache policy lynis
chkrootkit:
Installed: 0.52-3+b10
Candidate: 0.52-3+b10
Version table:
*** 0.52-3+b10 500
500 http://deb.devuan.org/merged beowulf/main amd64 Packages
100 /var/lib/dpkg/status
rkhunter:
Installed: 1.4.6-5
Candidate: 1.4.6-5
Version table:
*** 1.4.6-5 500
500 http://deb.devuan.org/merged beowulf/main amd64 Packages
500 http://deb.devuan.org/merged beowulf/main i386 Packages
100 /var/lib/dpkg/status
lynis:
Installed: 2.6.2-1
Candidate: 2.6.2-1
Version table:
*** 2.6.2-1 500
500 http://deb.devuan.org/merged beowulf/main amd64 Packages
500 http://deb.devuan.org/merged beowulf/main i386 Packages
100 /var/lib/dpkg/status
~$
Now, when I check available versions on-line I find that lynis seems to be the one with most active development, the latest version being 3.0.8 from last June while chkrootkit latest is at version 0.55 from June last year.
See https://cisofy.com/downloads/lynis/ and http://www.chkrootkit.org/
By comparison, rkhunter version 1.4.6 does not seem to have had any work done since 1.4.6 (2018).
See https://rkhunter.sourceforge.net/
My Beowulf installation runs on a backported kernel:
~$ uname -a
Linux devuan 5.10.0-0.deb10.16-amd64 #1 SMP Debian 5.10.127-2~bpo10+1 (2022-07-28) x86_64 GNU/Linux
~$
But there are no Beowulf backports to any of these tools, not even for lynis, but the Chimaera repository has version 3.0.2-1 available.
Would it work on my backported system?
If so, how can I install it without making a mess?
Thanks in advance.
Best,
A.
Last edited by Altoid (2022-11-19 15:39:43)
I don't have a beowulf install to play with right now... But lynis appears to have very few dependencies, so it should be amenable to a simple local backport. That's far less likely to make a mess than trying to install the chimaera binary package anyway.
The real question is why... Is there actually some change that you need, or is it just "newer must be better"?
OTOH, you could just dist-upgrade to stable. You're going to sooner or later, and this might be a suitable excuse to get on with it.
Once is happenstance. Twice is coincidence. Three times is enemy action. Four times is Official GNOME Policy.
Hello:
...lynis appears to have very few dependencies ...
... amenable to a simple local backport
Thanks for the heads up.
I'll check it out.
... some change that you need ...
I really don't know if I need it.
Because I don't know how much the threat scenario has evolved.
If it has evolved (high probability), it stands to reason that a newer version would address it.
... just "newer must be better"?
Me? 8^D
Been in this far too long for that.
... could just dist-upgrade to stable.
Yes, I could.
But first I have to make 100% sure my nvidia cards will work properly and I will still be able to use slim and wicd, among other old stuff I have installed and then comfortably get rid of the POS that Xfce is slowly turning into to get myself a set up like what Phillip Newborough's #! Waldorf* was.
* which I think should be the default template for both Devuan desktop-live and installer-iso versions.
... going to sooner or later ...
Yes, I know. 8^°
Thanks a lot for your input.
Best,
A.
Hello:
... appears to have very few dependencies ...
... less likely to make a mess than trying to install the chimaera binary package ...
I marked this thread as solved as I was able to update lynis without much ado or issues.
It runs properly as far as I can see, at least for the time being.
The solution is here.
Basically it involves importing a key and adding the CISOfy software repository to /etc/apt/sources.list.
Will eventually look into chkrootkit to see if the same thing can be done.
It looks like rkhunter has probably been abandoned so I will remove it.
Best,
A.