First, thanks for the amazing work you do with IPFire.
I have a question regarding hardening IPFire. One of the tools I use on other systems is rkhunter. I also found this description wiki.ipfire[dot]org/optimization/start/security_hardening/rkhunter on how to install it on IPFire. However, doesn’t it make sense to integrate it also as an add-on into Pakfire?
Thanks in advance for any answers.
EDIT: the add-on rkhunter was removed many Core Updates ago…
Sorry to say the rootkit / rkhunter Wiki page is something that should have been deleted a couple of years ago. rootkit / rkhunter is not an official IPFire add-on. And it looks like it hasn’t been updated by the developer since February 2018.
@jon thank you for your quick reply, and I’m happy to be here in the Community.
I have just checked http://www.chkrootkit.org/, and they had their last release in December 2020. Might that be an option? Or any other rootkit checker, or a good reason why none is necessary?
I’m not sure why rootkit would or would not be needed. I’ve never used one. I am guessing the chkrootkit would need to have an “open” software license.
Hopefully someone else will stop by who can answer the questions better than I can…
Thank you for your answer. I will check out the article you sent. I actually installed Lynis which also recommended installing a rootkit detector. It seems more like a tool to harden the system (as you mentioned).
Anyway, your answer answered my question.
I also wanted to ask about auditd integration, but I guess it is better to make a new thread for that?