Rootkit signatures?

[Ted Roche]

Kenny Lussier wrote:
> The mandate actually isn't that intelligent. It was a broad statement
> of "You have to have anti-virus and anti-malware software on all of
> your servers", and when we wrote a compensating control that stated
> "This is not needed on Linux servers", someone Googled Linux +virus
> and found "rootkit". Thus, the mandate for "Anti-rootkit software"
> (and yes, that is what the audit sheet calls it...... )
>   
Kenny:

You might want to check out http://www.chkrootkit.org/ - the software is 
simple to install and run from cron (see the FAQs) and the site has 
"Related Links" to some good resources.

-- 
Ted Roche
Ted Roche & Associates, LLC
http://www.tedroche.com