From: estellnb@elstel.org
Newsgroups: linux.debian.security
Subject: Re: What is the best free HIDS for Debian
Date: Sun, 08 May 2022 21:50:02 +0200
List-Archive: https://lists.debian.org/msgid-search/baf40c33ad6fdd6ba4e24ee09fee972b@elstel.org

On 08.05.2022 20:43, estellnb@elstel.org wrote:
> P.S.: A memory only rootkit would still need a hook to reinstall on a
> fresh boot.

Yes, I know it is an issue. Debcheckroot does, for instance, not check your initrd. To fix this issue I would need to program my own piece of software like debcheckinitrd.

Anyone who wants to support me can do this: https://www.elstel.org/Contact.html. I am a free developer and I do not get paid for my open source related work.