Alejandro Imass <ait <at> p2ee.org> writes:

> ...
> > What you should do right now is to get some recent general or security cd/dvd
> > with chkrootkit and rkhunter and run them from that external read-only media.
> > I would also suggest that you look over config files of all packages
> > involved.
> > jb
> >
>
> Thanks! Will do, but I don't know of any FreeBSD and/or derived
> distros for security. Or can I use any Linux security distro? I
> remember reading about some trouble of Linux chkrootkit on FBSD....

It looks like you have only one choice with prebuilt rkhunter package only:
http://www.freebsd.org/releases/9.0R/announce.html  

dvd1
This contains everything necessary to install the base FreeBSD operating system,
a collection of pre-built packages aimed at getting a graphical workstation up
and running. It also supports booting into a "livefs" based rescue mode. This
should be all you need if you can burn and use DVD-sized media.

ftp://ftp.freebsd.org/pub/FreeBSD/ports/packages/security/
rkhunter-1.3.8_1.tbz 04/18/12 18:56:00

With regard to verification of config  files - you said you got backups (those
pre-incident would be best) and you have the incident-time files, so do a diff
on dirs (in particular /etc and /usr/local/etc)

jb


_______________________________________________
freebsd-questions@free... mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscribe@free..."