Chkrootkit and Rkhunter – What other tools are capable and proper to diagnose risks and/or infections?

PREAMBLE

I’ve been on the internet for a while looking for the right security tools to locate and diagnose malware on Linux servers. Tools capable of doing system scans on Linux. Tools with capabilities and characteristics similar to Chkrootkit and Rkhunter.

I know that there are many tools to find malware like ClamAV, Linux Malware Detect (maldet), Sophos and Lynis. But most of these tools are intended for system hardening, file servers, email servers or shared hosted environments…

The only tools capable or proper to do system scans on Linux systems that I have found so far are Chkrootkit and Rkhunter, as we can see in a successful detection made by Chkrootkit in this thread https://unix.stackexchange.com/a/567413/61742 .

That is, the other tools are not able to deal with risks for the Linux system itself, such as detecting if the system is infected. In general they are only able to scan specific folders and tell you whether a file is dangerous or not and remove it.

Contrary to what is thought by many people, Linux is vulnerable to malware. Tools like Chkrootkit and Rkhunter play a very important role!

According to the good experiences I had with my servers in my infrastructure, the best way to find malware on Linux is to use several tools together as done in this tool that I made available to the community https://github.com/eduardolucioac/private_tux (BSD-3-Clause license) and that I use on my infrastructure daily.

Finally, I think this question is very relevant to the community, it needs to be done and it was done in the right place!

NOTE: I’m the author of Private_Tux and it has no commercial purposes (BSD-3-Clause license).


QUESTION

What other tools are capable and proper to diagnose risks and/or infections (malware) in the Linux system?

Are lower level illusion spells capable of producing illusions that animate passively?

Can lower level illusion spells, specifically minor illusion, silent image and major image, create an illusion that can passively animate itself without requiring any further input on your part?

There have been a couple of other Q&As about this but they don’t seem conclusive.

  • Can Minor Illusion create animated illusion to Follow a creature? – I answered this, but wasn’t able to find anything that specifically suggested that minor illusion or silent image can be passively animated, so I assumed they can’t be.
  • Is Silent Image animated if an action is not used to move it? – the top answer suggests that silent image at least needs your action to be able to do, but there are comments arguing the lack of RAW support:

    The phrasing in major image is almost identical. It says nothing about the image moving “passively”. – Szega Jun 22 ’18 at 8:50

I’m guessing the answer will be definitely no for minor illusion, probably no for silent image, but I’m not sure about major image, and in all 3 cases, I wouldn’t know how to prove these assertions from their respective spell descriptions.

In official Pathfinder lore, are there any examples of magic users capable of overwriting rules of magic spells completely?

Are there any magic users that are capable of overwriting magical laws to a degree that would be required to remove any limitations and completely perfect existing spells?

To be clear, I’m looking for a specific example of a caster in Pathfinder lore. Can be an NPC, divine, even a plain old human, anything goes as long as it’s from official lore.

For example, stone shield requires a large amount of earth, so it can’t be used on say a frozen lake. Ice spear melts and thus can’t be used as a permanent barrier save places like the arctic and wouldn’t last very long in hot areas such as the desert. Astral projection has the silver thread. There are very few ways to get around energy resistance short of changing the element. Even something like ignoring components or casting spells instantly would be a major improvement.

Can such a mage exist that is capable of making spells work perfectly with no weaknesses?

What kind of local information are desktop applications capable of retrieving (and using) from my computer?

I’d like to explain my question with an example.

I’ve already seen, on Windows, what kind of information the Steam application is sending online: time, place and device of the connection, time passed playing the games, payments, mail, numbers, etc. All this data looks related to the use of that precise application.

However, what is preventing my desktop app from just sending any personal file – stored in my computer – to an online server? From my newbie point of view, once you have installed an application, there could be a script which just reads all my files and sends them to the servers.

Let’s suppose Steam (but, again, it could be any app) wants to see the time at which I log in to my PC or the range of time I spend connected to the internet. What prevents my apps from just reading all the logs locally stored on my PC?

I think you get the point. Thanks for reading.

Fingerprint mismatch only for 32-bit DLL linked statically to FIPS Capable OpenSSL

Appreciate any help on the following.

1) Built the OpenSSL FIPS Module and then ‘static binaries’ of FIPS capable OSSL which ‘statically link to the Windows run-time’. Thus, my application binary (FipsApp.exe) does not depend on OSSL DLLs.

2) Consumed these static binaries namely (libeaycompat32.lib, libeayfips32.lib and ssleay32.lib) into myapp.dll using msincore.pl.

3) FipsApp.exe calls function foo() inside myapp.dll which executes FIPS_mode_set() which returns (100:error:2D06B06F:lib(45):func(107): reason (111):/FIPS/FIPS.c:232)

Result

1) On executing 64-bit FipsApp.exe, the FIPS mode gets set and working with 64-bit myapp.dll

2) But on executing 32-bit FipsApp.exe which uses 32-bit myapp.dll with same configuration, FIPS_mode_set() fails with reason 111 (Fingerprint mismatch)

Attempted

Since above 32-bit myapp.dll did not work, some additional configuration changes were made.

1) Rebuilt 32-bit myapp.dll with above LFLAGS “/DynamicBase:No /Fixed”. Here default base address gets used for myapp.dll

2) Rebuilt 32-bit myapp.dll with base address of 0xFB00000. (OSSL does same thing for FIPS dlls)

3) Checking out following http://openssl.6102.n7.nabble.com/FIPS-Static-Library-linked-into-Win32-Dll-builds-but-fails-self-test-td63011.html

But the 32-bit myapp DLL always fails with fingerprint mismatch.

Question

How do I get 32-bit myapp.dll working in FIPS mode? FIPS_mode_set() returns (100:error:2D06B06F:lib(45):func(107): reason (111):/FIPS/FIPS.c:232)

Thanks.

Can you maintain a grapple you are no longer capable of initiating?

How do the requirements to maintain a grapple contrast against the requirements for initiating a grapple? For example, if a paladin successfully initiates a grapple against an orc (using one free hand, per the rules), and the paladin subsequently uses both hands to grasp his greatsword to attack, does the orc cease to be Grappled?

In terms of storytelling, this could go either way; either the paladin must keep one hand on the orc, or the paladin is allowed to maintain an already-established grapple by (for example) hooking an arm or leg onto the orc.

The Rules

The rules require a free hand to start a grapple. The mental image is that the orc can’t walk away because the paladin used his hand to grab the orc. This can be intuitively extrapolated into the paladin maintaining the grapple with his hand, but the rules don’t explicitly say that this is what happens.

I added bold italics to the bits I found most important.

Grappling

When you want to grab a creature or wrestle with it, you can use the Attack action to make a special melee attack, a grapple. If you’re able to make multiple attacks with the Attack action, this attack replaces one of them.

The target of your grapple must be no more than one size larger than you, and it must be within your reach. Using at least one free hand, you try to seize the target by making a grapple check, a Strength (Athletics) check contested by the target’s Strength (Athletics) or Dexterity (Acrobatics) check (the target chooses the ability to use). If you succeed, you subject the target to the grappled condition (see appendix A). The condition specifies the things that end it, and you can release the target whenever you like (no action required).

Escaping a Grapple.

A grappled creature can use its action to escape. To do so, it must succeed on a Strength (Athletics) or Dexterity (Acrobatics) check contested by your Strength (Athletics) check.

Moving a Grappled Creature.

When you move, you can drag or carry the grappled creature with you, but your speed is halved, unless the creature is two or more sizes smaller than you. (PHB p.195)

The way I see it, there are two distinct concepts: there’s The Grappling procedure, and there’s the Grappled condition.

The first half of this text is describing the Grappling procedure. For example, this procedure has certain requirements (including a free hand).

Then comes the sentence, “If you succeed, you subject the target to the grappled condition.” This is the connection between the Grappling procedure and the Grappled condition. The Grappling procedure is how you apply the Grappled condition to a target.

The text that comes after “you subject the target to the grappled condition” is about the Grappled condition. I don’t believe the earlier text (about the grappling procedure) applies here – but even if I’m right, the text could have been written more clearly, perhaps by explicitly defining the difference between “Grappling” and “Grappled”.

In case anyone was hoping the “Grappled condition” rules would help clear this up, here’s from Appendix A: Conditions.

A condition lasts either until it is countered (the prone condition is countered by standing up, for example) or for a duration specified by the effect that imposed the condition (PHB p.290).

Note that, in the example given, the Prone condition is distinct from whatever event caused the Prone condition.

GRAPPLED

  • A grappled creature’s speed becomes 0, and it can’t benefit from any bonus to its speed.
  • The condition ends if the grappler is incapacitated (see the condition).
  • The condition also ends if an effect removes the grappled creature from the reach of the grappler or grappling effect, such as when a creature is hurled away by the thunderwave spell. (PHB p.290)

There’s no mention of the grappler losing all free hands, shrinking, or otherwise failing to satisfy grappling’s initial requirements. There is a mention of an incapacitated grappler automatically ending a grapple, but “Incapacitated” is a much more severe status than not having use of a free hand. I have some thoughts on what this means when I read between the lines – but these are game mechanics; if I’m reading between the lines to be able to obey them, I’m probably not providing a true RAW interpretation.

Going back to the paladin grappling an orc at the beginning, my best guess is that he can use his two-handed weapon without any problem, even though it means he can’t start a new grapple until he releases the weapon with one hand. He can also be polymorphed into a mouse and maintain the grapple, even though he won’t be able to initiate a new grapple due to size restrictions.

Is there a balancing issue giving a Wizard a wand capable of casting Illusory Script once per day?

Wizard expressed a desire for a magical wand that could cast the ritual spell Illusory Script without burning a spell slot/ritual slot. I thought about giving a wand that can cast the spell once per day. Seems relatively fair for a magical item but not sure if there are any balance implications.

Can I measure time by counting frames and trusting the ‘240 FPS’ that my iPhone 7+ slow motion camera is capable of recording?

I’m using a slow motion video recorded using an iPhone 7+ to track something but would like to avoid recording a chronometer to know the time the process is taking. I need to measure about 10 seconds with an uncertainty of at most 0.1 s… Is this possible by just counting 2400 frames of my homemade video?