This site is a kind of personal database gathering notes about my day-to-day discoveries in the IT world, mostly about security.
While some are howtos and tips (we learn a new thing every day, eh), hopefully you'll find some of them informative!

December 27, 2006

Rootkits

Rootkits are powerful tools to compromise computer systems without detection. Learn why virus scanners and desktop firewalls are not enough. Learn how attackers can get in and stay in for years, without detection. Their purpose is to hide.
Rootkits exist for a variety of operating systems, such as Linux, Solaris and versions of Microsoft Windows. Rootkits often modify parts of the operating system or install themselves as drivers or kernel modules.

Rootkit Scanner
Chkrootkit is a powerful tool to scan your Linux server for trojans. I'll show you how to install it, scan your server and set up a daily automated scanning job that emails you the report.

Installation
OS = Fedora Core 4
Version = chkrootkit-0.47-1.fc4
SSH into your server as a regular user. DO NOT use telnet; it should be disabled anyway.

Change to root:
$ su -

Type the following:
# yum -y install chkrootkit

To use chkrootkit, just type the command:
# chkrootkit

Everything it outputs should be 'not found' or 'not infected'... Any other result deserves a closer look.

Daily Automated System Scan that emails you a report
While in SSH run the following:
# vi /etc/cron.daily/chkrootkit.sh

Insert the following to the new file:
#!/bin/bash
# Daily chkrootkit run, mailed to the administrator (adjust the three placeholders below).
cd /yourinstallpath/chkrootkit-0.42b/ || exit 1
./chkrootkit | mail -s "Daily chkrootkit from Servername" admin@youremail.com

Important:
1. Replace 'yourinstallpath' with the actual path to where you installed Chkrootkit.
2. Change 'Servername' to the name of the server you're running it on, so you know where the report is coming from.
3. Change 'admin@youremail.com' to the actual email address the script should mail you at.

Now save the file in SSH:
ESC then colon (:) then Ctrl+X then ENTER

Change the file permissions so we can run it:
# chmod 755 /etc/cron.daily/chkrootkit.sh

Now if you like you can run a test report manually in SSH to see how it looks.
# cd /etc/cron.daily/
# ./chkrootkit.sh

You'll now receive a nice email with the report! This will now happen every day, so you don't have to run it manually.
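The script above mails the whole report every day, so a clean run and a run that found something look identical in your inbox. As an added example (not the original post's script), here is a variant of the cron wrapper that keeps each report on disk, pulls out the lines that are not one of chkrootkit's known clean results, and puts them at the top of the mail with a subject that says whether anything was found. It assumes chkrootkit was installed with yum and is therefore on root's PATH, that `mail` is available, and that RECIPIENT and LOGDIR are placeholders you adjust; the clean-phrase list is a heuristic you should extend from a report of your own server that you know to be clean.

```shell
#!/bin/bash
# Added example, not the original post's script: a /etc/cron.daily wrapper for
# chkrootkit that mails the full report but lists the suspicious lines first and
# flags them in the subject, so a clean day and a bad day are told apart at a glance.
# Assumptions: chkrootkit was installed with yum and is on root's PATH, `mail` is
# available, and RECIPIENT / LOGDIR are placeholders to adjust for your server.

RECIPIENT="${RECIPIENT:-admin@example.com}"   # placeholder recipient
LOGDIR="${LOGDIR:-/var/log/chkrootkit}"       # placeholder directory for kept reports
SERVER="$(hostname)"

# Result phrases chkrootkit prints when a check passed (heuristic list).
clean_result() {
    case "$1" in
        *"not found"*|*"not infected"*|*"nothing found"*|*"nothing detected"*|\
        *"nothing deleted"*|*"not promisc"*|*"no suspect"*|*"not tested"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Read a chkrootkit report on stdin and print only the lines a human should
# review: any line carrying an alert keyword, plus every "Checking"/"Searching"
# line whose result is not one of the known clean phrases.
extract_findings() {
    while IFS= read -r line; do
        case "$line" in
            *INFECTED*|*Warning*|*"PACKET SNIFFER"*|*Possible*|*Vulnerable*)
                printf '%s\n' "$line" ;;
            Checking*|Searching*)
                clean_result "$line" || printf '%s\n' "$line" ;;
        esac
    done
}

# Return 0 when the report file holds no findings, 1 otherwise.
report_is_clean() {
    [ -z "$(extract_findings < "$1")" ]
}

# Run the scan, keep the report on disk, and mail it with findings on top.
run_daily_scan() {
    mkdir -p "$LOGDIR"
    report="$LOGDIR/chkrootkit-$(date +%F).log"
    chkrootkit > "$report" 2>&1
    if report_is_clean "$report"; then
        subject="Daily chkrootkit from $SERVER: clean"
    else
        subject="Daily chkrootkit from $SERVER: FINDINGS, please review"
    fi
    {
        echo "== Suspicious lines =="
        extract_findings < "$report"
        echo
        echo "== Full report =="
        cat "$report"
    } | mail -s "$subject" "$RECIPIENT"
}

# Only scan where chkrootkit is installed; elsewhere the functions above can
# still be sourced and run against a saved report.
if command -v chkrootkit >/dev/null 2>&1; then
    run_daily_scan
fi
```

Drop it in as /etc/cron.daily/chkrootkit.sh with mode 755, exactly like the original script. Keeping yesterday's report under LOGDIR is what makes the "what changed since the last clean run" question answerable with a plain diff.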
