I'm trying out both applications above - but they don't seem to be very helpful in narrowing down where they are seeing their particular alerts. Because both are giving different locations for alerts, I am thinking that they are pulling up false positives. However, I was curious about something: if I am getting alerts under one kernel version, wouldn't it be possible to just roll back the version to an uncorrupted kernel, delete/reinstall the updated kernel version, in order to easily circumvent confirmed rootkits?
I don't think I have one now - I was just curious as to whether this was a viable way to resolve rootkit issues (if one had multiple kernel versions available, that is).
Statistics: Posted by Priest_Apostate — 2023-12-19 23:58 — Replies 3 — Views 156
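An added example (not code from the poster or from any tool named in the thread) for the rollback idea above: before trusting an older kernel as "uncorrupted", verify that its package-owned files still match what the package manager recorded. The script parses the output of `rpm -V <package>` for the rollback kernel and reports only the differences that matter, ignoring timestamp-only changes. It assumes an RPM-based distribution, that the rpm database itself is intact, and uses constructed sample output with a placeholder version `6.6.8-example`; none of the paths are taken from the poster's system.

```python
"""Flag rpm -V findings that matter when checking a rollback kernel's files."""
import sys

# Constructed sample output (not captured from a real host), shaped like what
# `rpm -V kernel-core-6.6.8-example.x86_64` prints for files that no longer
# match the package. Unchanged files produce no line at all.
SAMPLE_RPM_VERIFY = """\
S.5....T.    /boot/vmlinuz-6.6.8-example.x86_64
.......T.    /lib/modules/6.6.8-example.x86_64/modules.dep
missing     /lib/modules/6.6.8-example.x86_64/kernel/fs/ext4/ext4.ko.xz
..5....T.  c /etc/modprobe.d/example.conf
"""

# Meaning of each position in rpm's nine-character attribute string.
FLAG_NAMES = {
    "S": "size", "M": "mode", "5": "digest", "D": "device", "L": "symlink",
    "U": "user", "G": "group", "T": "mtime", "P": "capabilities",
}
# Optional file-type marker rpm prints between the flags and the path.
ATTR_MARKERS = {"c": "config", "d": "doc", "g": "ghost", "l": "license", "r": "readme"}


def parse_rpm_verify(text):
    """Turn rpm -V output into records: path, missing, mismatch flags, file kind."""
    records = []
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        if line.startswith("missing"):
            records.append({"path": line[len("missing"):].strip(),
                            "missing": True, "flags": set(), "kind": None})
            continue
        attrs, rest = line[:9], line[9:].strip()
        kind = None
        parts = rest.split(None, 1)
        if len(parts) == 2 and parts[0] in ATTR_MARKERS:
            kind, rest = ATTR_MARKERS[parts[0]], parts[1]
        # '.' means the test passed, '?' means it could not be run; anything else is a mismatch.
        flags = {ch for ch in attrs if ch not in ".?"}
        records.append({"path": rest, "missing": False, "flags": flags, "kind": kind})
    return records


def rollback_findings(records, ignore=frozenset({"T"})):
    """Keep missing files and mismatches other than the ignored flags (mtime by default).

    A changed digest or size on the kernel image or a module is exactly what a
    rollback is supposed to avoid, so those are the findings worth reading.
    """
    findings = []
    for rec in records:
        real = rec["flags"] - ignore
        if rec["missing"] or real:
            reasons = ["missing"] if rec["missing"] else sorted(FLAG_NAMES[f] for f in real)
            findings.append({**rec, "reasons": reasons})
    return findings


def main():
    # Pipe real output in with: rpm -V kernel-core-<version> | python3 this_script.py -
    text = sys.stdin.read() if "-" in sys.argv[1:] else SAMPLE_RPM_VERIFY
    for f in rollback_findings(parse_rpm_verify(text)):
        kind = f" [{f['kind']}]" if f["kind"] else ""
        print(f"{f['path']}{kind}: {', '.join(f['reasons'])}")


if __name__ == "__main__":
    main()
```

A clean run prints nothing for the kernel package; the sample deliberately shows a changed kernel image, a missing module, and a changed config file while the timestamp-only change on modules.dep is dropped. Note the limits of this check: it only covers files owned by the package (a locally generated initramfs or bootloader config is not verified this way), and it says nothing about files outside the kernel packages, so a clean result is necessary rather than sufficient before trusting the rollback.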