rkhunter:
Rootkit Hunter scanner: is scanning tool to ensure you for about 99.9%* you're clean of nasty tools. This tool scans for rootkits, backdoors and local exploits by running tests like:
MD5 hash compare
- Look for default files used by rootkits
- Wrong file permissions for binaries
- Look for suspected strings in LKM and KLD modules
- Look for hidden files
- Optional scan within plaintext and binary files
Rootkit Hunter is released as GPL licensed project and free for everyone to use.
* No, not really 99.9%.. It's just another security layer
Installing rkhunter
# wget http://jaist.dl.sourceforge.net/sourceforge/rkhunter/rkhunter-1.3.0.tar.gz
# tar xvzf rkhunter-1.3.0.tar.gz
# cd rkhunter-1.3.0
# ./install.sh --layout default --install
# rkhunter --propupd
# rkhunter --check
chkrootkit:
chkrootkit: shell script that checks system binaries for rootkit modification.
The following tests are made:
aliens asp bindshell lkm rexedcs sniffer wted w55808 scalper slapper z2 amd basename biff chfn chsh cron date du dirname echo egrep env find fingerd gpm grep hdparm su ifconfig inetd inetdconf init identd killall ldsopreload login ls lsof mail mingetty netstat named passwd pidof pop2 pop3 ps pstree rpcinfo rlogind rshd slogin sendmail sshd syslogd tar tcpd tcpdump top telnetd timed traceroute vdir w write
Installing CHKROOTKIT
1. Login to your server as root. (SSH)
2. Down load the chkrootkit.
Type: wget ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz
3. Unpack the chkrootkit you just downloaded.
Type: tar xvzf chkrootkit.tar.gz
4. Change to new directory
Type: cd chkrootkit*
5. Compile chkrootkit
Type: make sense
6. Run chkrootkit
Type: ./chkrootkit
If it says "Checking `bindshell'... INFECTED (PORTS: 465)"This is normal and it is NOT really a virus.
Enjoy:)
0 comments:
Post a Comment