Rkhunter as IPFire AddOn?

Hi,

First, thanks for the amazing work you do with IPFire.

I have a question regarding hardening IPFire. One of the tools I use on other systems is rkhunter. I also found this description (wiki.ipfire.org - RootKit (rkhunter)) on how to install it on IPFire. However, doesn’t it make sense to integrate it also as an add-on into Pakfire?

Thanks in advance for any answers.

Hi Martin - Welcome to the IPFire Community!

Sorry to say the rootkit / rkhunter Wiki page is something that should have been deleted a couple of years ago. rootkit / rkhunter is not an official IPFire add-on. And it looks like it hasn’t been updated by the developer since February 2018.

@jon thank you for your quick reply, and I’m happy to be here in the Community.

I have just checked http://www.chkrootkit.org/, and they had their last release in December 2020. Might that be an option? Or is there any other rootkit checker, or a good reason why none is necessary?

Thank you for any help.

I’m not sure why rootkit would or would not be needed. I’ve never used one. I am guessing the chkrootkit would need to have an “open” software license.

Hopefully someone else will stop by that can answer the questions better than I can…

Thank you for your answer. I quickly checked the license which can be found here: chkrootkit -- locally checks for signs of a rootkit and it looks free.

Let’s see if someone else can also give details about a possible integration.

Hi all,
Since Core 142, kernel rootkit protection has been in place in IPFire's Core system with kernel module signing → blog.ipfire.org - Feature Highlights: Kernel Rootkit Protection in Core Update 142.
As a side note, IPFire also provides an auditing tool → wiki.ipfire.org - Lynis Addon, which is not for such cases, but as mentioned above, the system handles its protection regarding this topic by itself.

Best,

Erik

Hi @ummeegge,

Thank you for your answer. I will check out the article you sent. I actually installed Lynis which also recommended installing a rootkit detector. It seems more like a tool to harden the system (as you mentioned).

Anyway, your answer answered my question.

I also wanted to ask about auditd integration, but I guess it is better to make a new thread for that?

Thanks again

yes please