@Kurt Ludikovsky (and
@Ales)
In general, there are two options :
a) install rkhunter separately and run it from the command line : this method will allow you to use the latest version of rkhunter
b) install rkhunter files in a separate map, make a backup of old Watchdog module files related to rkhunter and copy the new(er) files : this is rather elaborate work, but it can work
in theory - in the past, this theory has been a proven concept, but I cannot recommend it (due to the unnessary complexity of the whole process and specific tweaks).
Instead, you should be aware that
rkhunter is
not your best defense for detection intrusions - use an IDS (intrusion detection system), like
AIDE.
Just have a look at the possibilities, with the command :
apt-cache search intrusion
In addition, consider chkrootkit or
Lynis as an alternative to rkhunter : Lynis is sure to work better than rkhunter (and is less complex than AIDE).
In short, there are a lot of possibilities - but as always, even when chosing the best alternative,
the solution is just as good as the config.
And that is the problem of rkhunter ...... it is a bit unreliable, when not having set up the right config (which is rather dependent per system environment).
I would
really recommend that you
- use the rkhunter package, as shipped by default with Plesk,
- tweak the rkhunter config to fit exactly to your system environment - that is a challenge on it's own,
- add some other defense to your system - install chkrootkit, Lynis, AIDE or combination or all of them,
and keep every package in your system environment updated, every day and/or as soon as updates become available - this is the first line of defense!
Hope the above helps a (tiny) bit.
Regards.........
Facebook
Twitter
