Friday, 23 August 2013

How to install chkrootkit on CentOS

Checking for Rootkits in a system

chkrootkit is a collection of tools to detect the presence of rootkits. chkrootkit uses C programs and shell scripts to perform a detailed process check, and scans system binaries to detect rootkit signatures. Upon detection, in most cases, it can remove rootkits too.

The following lists the chkrootkit internal programs and what each of them does.

Program                Purpose

chkrootkit             Main script to check for tampered system files
strings.c              Detects and performs string replacement
ifpromisc.c            Checks network interfaces for promiscuous mode
chkwtmp.c              Checks whether lastlog and wtmp entries are deleted
chkproc.c, chkdirs.c   Check for Linux kernel module-based Trojans

Download chkrootkit.tar.gz and the matching md5 checksum file from the chkrootkit project site, then verify, unpack and build:

# md5sum chkrootkit.tar.gz        (compare the value with the published checksum before unpacking)
# tar -xvzf chkrootkit.tar.gz     (the archive is gzip-compressed, so -z is needed, not -j)
# cd chkrootkit-*
# make sense                      (builds the C helper programs listed above)
# ./chkrootkit

chkrootkit relies on external commands such as ls, ps and netstat, which a rootkit may already have replaced. To use known-good copies instead, point -p at a directory holding trusted binaries, for example on a read-only medium:

# ./chkrootkit -p /mnt/cdrom

or simply run it with the system's own binaries:

# ./chkrootkit
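The checksum step above is easy to skip or to eyeball wrongly. The following is an added example, not code from the original post or from the chkrootkit project, that compares the downloaded tarball against the checksum file in a script and refuses to continue on a mismatch. The file names and the checksum values in the demonstration are constructed; the real chkrootkit.md5 comes from the project's download site.

```sh
#!/bin/sh
# Added example (not from the original post): verify a downloaded tarball
# against its published md5 file before unpacking and building it.

# verify_tarball TARBALL MD5FILE
# Returns 0 when the checksum recorded in MD5FILE matches TARBALL, 1 otherwise.
verify_tarball() {
    tarball=$1
    md5file=$2
    # md5sum output has the layout "<md5>  <filename>"; take the hash from the first line.
    expected=$(awk 'NR==1{print $1}' "$md5file")
    actual=$(md5sum "$tarball" | awk '{print $1}')
    [ -n "$expected" ] && [ "$expected" = "$actual" ]
}

# demo_verify: exercise verify_tarball on a constructed stand-in for
# chkrootkit.tar.gz, once with the genuine checksum and once with a wrong one.
# Prints "match mismatch" when both cases behave as intended.
demo_verify() {
    tmp=$(mktemp -d)
    printf 'constructed tarball contents\n' > "$tmp/chkrootkit.tar.gz"
    # Genuine checksum file, produced the way a download site would publish it.
    (cd "$tmp" && md5sum chkrootkit.tar.gz > chkrootkit.md5)
    if verify_tarball "$tmp/chkrootkit.tar.gz" "$tmp/chkrootkit.md5"; then good=match; else good=mismatch; fi
    # Checksum file that does not belong to this archive (constructed wrong value:
    # the md5 of the empty string). It must be rejected.
    printf 'd41d8cd98f00b204e9800998ecf8427e  chkrootkit.tar.gz\n' > "$tmp/tampered.md5"
    if verify_tarball "$tmp/chkrootkit.tar.gz" "$tmp/tampered.md5"; then bad=match; else bad=mismatch; fi
    rm -rf "$tmp"
    echo "$good $bad"
}

# Typical use in an install script (assumes both files sit in the current directory):
# verify_tarball chkrootkit.tar.gz chkrootkit.md5 || { echo "checksum mismatch, aborting" >&2; exit 1; }
```

One caveat worth keeping in mind: a checksum fetched from the same site as the tarball only catches a corrupted or truncated download. If the site itself were compromised, both files would be replaced together, so an out-of-band signature or a checksum recorded earlier is the stronger check.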

chkrootkit tests for the presence of certain rootkits, worms and trojans on your system. If you have been hacked, running it is a good first step in diagnosis.

To have cron run chkrootkit hourly and mail the result to the administrator, create a script in /etc/cron.hourly/:

# vi /etc/cron.hourly/

#!/bin/sh
chkrootkit | mail -s "Hourly chkrootkit from Servername" root

(root is assumed as the administrator's mailbox; replace Servername and the recipient to suit. chkrootkit must be reachable on cron's PATH, otherwise give the absolute path to the built script.)

# chmod +x /etc/cron.hourly/
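An unconditional hourly mail is soon ignored, and the one message that matters gets lost among the "not infected" reports. As an added example, not code from the original post or from the chkrootkit project, the wrapper below filters chkrootkit's output down to the lines that flag something and mails only then. The directory in CHKROOTKIT_DIR, the recipient in ADMIN and the sample output used for the offline demonstration are all assumed or constructed.

```sh
#!/bin/sh
# Added example (not from the original post): hourly cron wrapper that mails
# the administrator only when chkrootkit flags something.
# Assumptions: chkrootkit was built in CHKROOTKIT_DIR and mail(1) delivers to ADMIN.

CHKROOTKIT_DIR=${CHKROOTKIT_DIR:-/usr/local/src/chkrootkit}   # assumed location of the built tree
ADMIN=${ADMIN:-root}                                          # assumed administrator mailbox

# findings: read chkrootkit output on stdin and keep only lines that report a
# positive result (infected binary, kernel-module warning, sniffing interface).
# "not infected" and "not found" lines are dropped.
findings() {
    grep -E 'INFECTED|Warning|PACKET SNIFFER|Possible|Suspicious' | grep -v 'not infected'
}

# report: run chkrootkit and send the findings, if any, with the host name in the subject.
report() {
    host=$(hostname)
    out=$(cd "$CHKROOTKIT_DIR" && ./chkrootkit 2>&1 | findings)
    if [ -n "$out" ]; then
        printf '%s\n' "$out" | mail -s "Hourly chkrootkit findings from $host" "$ADMIN"
    fi
}

# Constructed sample in chkrootkit's reporting style (not captured from a real
# system), used to demonstrate the filter offline.
SAMPLE="ROOTDIR is \`/'
Checking \`basename'... not infected
Checking \`biff'... not found
Checking \`ls'... INFECTED
Checking \`lkm'... chkproc: Warning: Possible LKM Trojan installed
Checking \`sniffer'... eth0: PACKET SNIFFER(/usr/sbin/dhclient[1234])
Checking \`chfn'... not infected"

# demo_findings: number of flagged lines the filter keeps from the sample.
demo_findings() {
    printf '%s\n' "$SAMPLE" | findings | wc -l | tr -d ' '
}

# In the installed copy under /etc/cron.hourly/, uncomment the next line:
# report
```

The filter is deliberately inclusive: a "PACKET SNIFFER" line on a host running a DHCP client, as in the sample, is a benign false positive that the administrator should recognise and, if desired, exclude explicitly rather than by loosening the pattern. Keeping the unfiltered output in a log file alongside the mail preserves the full record for later comparison.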
