From owner-freebsd-security@FreeBSD.ORG  Mon Jan 14 18:36:49 2008
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 3EF9E16A417
	for <freebsd-security@freebsd.org>;
	Mon, 14 Jan 2008 18:36:49 +0000 (UTC)
	(envelope-from 000.fbsd@quip.cz)
Received: from elsa.codelab.cz (elsa.codelab.cz [82.208.36.70])
	by mx1.freebsd.org (Postfix) with ESMTP id EA61913C447
	for <freebsd-security@freebsd.org>;
	Mon, 14 Jan 2008 18:36:48 +0000 (UTC)
	(envelope-from 000.fbsd@quip.cz)
Received: from localhost (localhost.codelab.cz [127.0.0.1])
	by elsa.codelab.cz (Postfix) with ESMTP id 65C4019E023;
	Mon, 14 Jan 2008 19:21:14 +0100 (CET)
Received: from [192.168.1.2] (r3a200.net.upc.cz [213.220.192.200])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by elsa.codelab.cz (Postfix) with ESMTP id E776219E019;
	Mon, 14 Jan 2008 19:21:07 +0100 (CET)
Message-ID: <478BA818.2090103@quip.cz>
Date: Mon, 14 Jan 2008 19:21:12 +0100
From: Miroslav Lachman <000.fbsd@quip.cz>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US;
	rv:1.7.12) Gecko/20050915
X-Accept-Language: cz, cs, en, en-us
MIME-Version: 1.0
To: Jordi Espasa Clofent <jordi.espasa@opengea.org>
References: <478A84DD.3040205@opengea.org>
In-Reply-To: <478A84DD.3040205@opengea.org>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 8bit
Cc: freebsd-security@freebsd.org
Subject: Re: Anti-Rootkit app
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Security issues \[members-only posting\]"
	<freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 14 Jan 2008 18:36:49 -0000

Jordi Espasa Clofent wrote:

> Hi all,
> 
> I need to install an anti-rootkid in a lot of servers. I know that 
> there're several options: tripwire, aide, chkrootkit...
> 
> ¿What do you prefer?
> 
> Obviously, I have to define my needs:
> 
> - easy setup and configuration
> - actively developed

I am using security/rkhunter from ports. It is realy easy to setup and 
configure.
I have some local scripts for periodic reports which I plan to submit in 
to PR database.

Miroslav Lachman