imthenachoman / How-To-Secure-A-Linux-Server

An evolving how-to guide for securing a Linux server.
Creative Commons Attribution Share Alike 4.0 International

Is RKHunter still recommendable? Redditor says it's outdated and generates false positives #68

Open danmanrana opened 3 years ago

danmanrana commented 3 years ago

Not sure if I'm allowed to link to Reddit on here but this is the comment in a thread I started. It gave me warnings for egrep, fgrep and which being scripts instead of binaries. Haven't verified if they actually are false positives but others have reported the same thing.
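One way to check the `egrep`, `fgrep` and `which` warnings mentioned above before treating them as false positives, as an added example that is not part of this thread or of the guide. The function names are hypothetical; `SCRIPTWHITELIST` is the rkhunter.conf option that suppresses this warning for a given path.

```shell
#!/bin/sh
# Classify a file by its leading bytes: "script" (#!), "elf" (\x7fELF) or "other".
classify_file() {
    magic=$(head -c 4 "$1" 2>/dev/null | od -An -tx1 | tr -d ' \n')
    case "$magic" in
        2321*)    echo script ;;
        7f454c46) echo elf ;;
        *)        echo other ;;
    esac
}

# Print the package that owns a path, or nothing if the package manager
# does not know it. On merged-/usr systems dpkg may record the file under
# /bin instead of /usr/bin, so an empty result means "check by hand".
owning_package() {
    if command -v dpkg-query >/dev/null 2>&1; then
        dpkg-query -S "$1" 2>/dev/null | head -n 1 | cut -d: -f1
    elif command -v rpm >/dev/null 2>&1; then
        out=$(rpm -qf "$1" 2>/dev/null) && echo "$out" | head -n 1
    fi
    return 0
}

# Review each flagged path: show what kind of file it is, and for scripts
# the interpreter line and owning package. Only a package-owned script is
# offered as a whitelist candidate; an unowned one needs investigation.
review_script_warnings() {
    for p in "$@"; do
        kind=$(classify_file "$p")
        if [ "$kind" != script ]; then
            echo "$p: $kind"
            continue
        fi
        pkg=$(owning_package "$p")
        echo "$p: script ($(head -n 1 "$p")), package: ${pkg:-UNOWNED}"
        if [ -n "$pkg" ]; then
            echo "  candidate for rkhunter.conf: SCRIPTWHITELIST=$p"
        fi
    done
}

# Usage: sh review.sh /usr/bin/egrep /usr/bin/fgrep /usr/bin/which
if [ "$#" -gt 0 ]; then
    review_script_warnings "$@"
fi
```

Before whitelisting a package-owned script, the installed file can also be compared against the package's recorded checksums with `dpkg --verify <package>` or `rpm -V <package>`.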

imthenachoman commented 3 years ago

Thanks. I will check it out. I have seen those other tools used in corporate environments. I don't know if they have a free tier for home/consumers. I'll do some research when I have time.

Are you still using rkhunter or something else now?

danmanrana commented 2 years ago

Haven't used it in a while as I haven't been using my server much, but some recommend not bothering with any antivirus (also because antiviruses aren't perfect and they say 'you' are the best antivirus) and simply regularly checking top to see if there are unfamiliar processes running. I wouldn't know how to tell what should be there and what shouldn't because I'm not familiar with every normal process's name. Maybe there's a master-list on some blog?