chkrootkit

chkrootkit is a common Unix-based tool that helps system administrators locally check their system for signs of known rootkits. It works by using several mechanisms, including comparison of file signatures to known rootkits and checking for suspicious activity (such as processes listed in the proc filesystem but not in the output of the 'ps' command).
Log in to the server over SSH as the root user.

Download chkrootkit.
# wget ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz

Unpack the chkrootkit you just downloaded.
# tar xvzf chkrootkit.tar.gz

Go to the unpacked directory (its name includes the version number).
# cd chkrootkit-*

Compile
# make sense

Run it from that directory
# ./chkrootkit


•Receive an e-mail every day with the chkrootkit result
For the root user
# crontab -e
For any other user
# crontab -e -u username

and add

0 3 * * * (/usr/sbin/chkrootkit 2>&1 | mail -s "chkrootkit output" -c cc1@example.com,cc2@example.com recipient@example.com)

* The correct path can be found with 'which chkrootkit'. The example.com addresses are placeholders; replace them with your own.
This will run chkrootkit at 3:00 am every day, e-mail the output to recipient@example.com, and send copies to cc1@example.com and cc2@example.com.

False alarms:
"Checking `bindshell'... INFECTED (PORTS: 465)" This is normal and NOT really a rootkit.

Note
If you ever get a positive alarm, you can try to remove the rootkit, but all professionals would advise you to reinstall the server from scratch and restore a previous backup (that means saving nothing from the server as soon as the rootkit is revealed...).
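
The daily cron job and the bindshell false alarm described above can be combined in a small wrapper that mails only when a finding other than the known false alarm remains. This is an added example, not part of the original page or of chkrootkit itself; the wrapper name, the /usr/sbin/chkrootkit path, the default recipient and the sample output are assumptions.

```shell
#!/bin/sh
# chkrootkit-report.sh (hypothetical name): added example, not from the page.
# Assumed defaults; override them from the environment or the crontab.
CHKROOTKIT="${CHKROOTKIT:-/usr/sbin/chkrootkit}"
MAILTO="${MAILTO:-root}"

# The false alarm quoted on the page, matched as a whole line so that a
# report listing any additional port is still treated as a finding.
FALSE_ALARM="^Checking \`bindshell'\.\.\. INFECTED (PORTS:  *465)\$"

# Read chkrootkit output on stdin; print only findings that need attention.
filter_findings() {
    grep 'INFECTED' | grep -v "$FALSE_ALARM"
    return 0   # an empty result is not an error
}

# Run the scan and send mail only if something is left after filtering.
run_scan() {
    findings=$("$CHKROOTKIT" 2>&1 | filter_findings)
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings" |
            mail -s "chkrootkit findings on $(hostname)" "$MAILTO"
    fi
}

# Constructed sample output (not a real scan) for trying the filter offline.
sample_output() {
    cat <<'EOF'
Checking `amd'... not found
Checking `bindshell'... INFECTED (PORTS: 465)
Checking `bindshell'... INFECTED (PORTS: 465 1524)
Checking `sniffer'... not tested
EOF
}

# "--scan" runs the real check; "--demo" filters the constructed sample.
case "${1:-}" in
    --scan) run_scan ;;
    --demo) sample_output | filter_findings ;;
esac
```

In the crontab, call the wrapper with --scan in place of the chkrootkit pipeline; a morning with no mail then means no finding beyond the port 465 line.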

Links
chkrootkit