Checking for Rootkits in a system
chkrootkit is a collection of tools to detect the presence of rootkits. chkrootkit uses C programs and shell scripts to perform a detailed process check, and scans system binaries to detect rootkit signatures. Upon detection, in most cases, it can remove rootkits too.
The following table lists the chkrootkit internal programs and what each of them does.
Program                    Purpose
chkrootkit                 Main script to check for tampered system files
strings.c                  Detects and performs string replacement
ifpromisc.c                Checks network interface for promiscuous mode
chklastlog.c, chkwtmp.c    Checks if lastlog and wtmp entries are deleted
chkproc.c, chkdirs.c       Checks for Linux kernel module-based Trojans
# md5sum chkrootkit.tar.gz
# tar -xvzf chkrootkit.tar.gz
# cd chkrootkit-*
# make sense
# ./chkrootkit
OR, to make chkrootkit use the external commands found under a given path:
# ./chkrootkit -p /mnt/cdrom
chkrootkit tests for the presence of certain rootkits, worms and trojans on your system. If you have been hacked, it is a good first step in diagnosis.
To have crond run chkrootkit hourly and mail the output to the administrator (here ctechz@ctechz.com), create the following script:
# vi /etc/cron.hourly/chkrootkit.sh
#!/bin/bash
chkrootkit | mail -s "Hour chkrootkit from Servername" ctechz@ctechz.com
# chmod +x /etc/cron.hourly/chkrootkit.sh
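A variant of the hourly job above that mails only when the scan reports something new, so real findings are not buried in 24 identical mails a day. This is an added example, not part of the original post; the function names and the state file path /var/lib/chkrootkit.state are hypothetical, and it assumes chkrootkit marks positive tests with upper-case "INFECTED" and heuristic hits with "Warning:".

```shell
#!/bin/sh
# Added example (not from the original post): alert only on new chkrootkit findings.

# findings: read chkrootkit output on stdin, keep only lines worth a human look.
# Assumption: positives say "INFECTED", clean tests say "not infected".
findings() {
    # Case-sensitive on purpose, so "not infected" lines are dropped.
    grep -E 'INFECTED|Warning:' || true
}

# report_if_new STATE_FILE: read scan output on stdin. Prints the findings and
# returns 0 only when they differ from what the previous run stored.
report_if_new() {
    rin_state="$1"
    rin_current="$(findings)"
    if [ -z "$rin_current" ]; then
        : > "$rin_state"      # clean scan: reset, so a later hit alerts again
        return 1
    fi
    if [ -f "$rin_state" ] && [ "$rin_current" = "$(cat "$rin_state")" ]; then
        return 1              # same findings as the last run: stay quiet
    fi
    printf '%s\n' "$rin_current" > "$rin_state"
    printf '%s\n' "$rin_current"
    return 0
}

# Cron entry point: call the script with --run from /etc/cron.hourly.
# The state file path is a hypothetical choice; keep it root-owned, mode 600.
if [ "${1:-}" = "--run" ]; then
    out="$(chkrootkit 2>&1 | report_if_new /var/lib/chkrootkit.state)" &&
        printf '%s\n' "$out" |
            mail -s "chkrootkit findings on $(hostname)" ctechz@ctechz.com
fi
```

A silent hour then means either a clean scan or unchanged findings, so keep the first alert mail until the host has been investigated.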