gpg: Signature made Thu Feb 7 11:01:06 2008 GMT
gpg: using DSA key 9111B5743CA26D44
gpg: Can't check signature: No public key
On Thu, 7 Feb 2008 08:55:43 +0000
Dr Adam J Trickett <adam.trickett@???> wrote:
> Some people build an AIDE database then burn it to a read-only
> medium, and run off that. I use a combination of aide,
> check root kit, rootkit hunter, and tiger all available in Debian
> Etch.
All excellent tools, but you should never install them from your
distribution's repositories. If your system has been "rooted" then just
doing an "apt-get install chkrootkit" could mean your system is
grabbing a compromised package from another location. Additionally, a
"dpkg -i chkrootkit-blah.dpkg" could trigger the rootkit/malware to
replace critical parts of the package before they hit the filesystem.
Unlikely, but not impossible.

I know that chkrootkit is designed to be "standalone" - i.e. download
and run, no messing around with compilation/installation for exactly
this reason.

For the same reasons, never use an "already installed/downloaded" copy
of these tools if you suspect you've been 0wn3d.
Cheers,
/j
--
Jon Fautley RHCE, RHCX email: jfautley@???
Senior Consultant cell : +44 7841 558683
Global Professional Services
Red Hat UK, 200 Fowler Avenue, Farnborough, Hampshire, GU14 7JP