SECURITY: ROOTKIT CHECKERS
A far bigger danger to your Linux system than viruses are rootkits. A decent firewall blocks much of the remote access an intruder needs to get in, but a rootkit is installed after the system has already been compromised, so a regular check is strongly recommended.
Rootkits are self-hiding toolkits that blackhats/crackers/scriptkiddies install after breaking in, to keep their access and stay out of the sysadmin's sight.
A rootkit scanner checks your system for known rootkits, backdoors and local exploits. It gives good confidence, not a guarantee: it looks for known signs, and a rootkit that has hooked the kernel can hide from tools run on the compromised system itself, which is why a scan from trusted binaries (or from a live CD) is worth more than a scan from the installed ones.
There are two tools I recommend:
chkrootkit ( http://www.chkrootkit.org ) is an easy to use tool, included in many distros, either installed by default or on the install CDs.
Simply, as root, running:
will do the job.
rkhunter ( http://www.rootkit.nl ) is a tool that does a bit more than only look for rootkits; it performs a system-wide check for vulnerable files and dependencies on your system:
- MD5 hash comparison of key system binaries against known-good values
- Look for default files used by rootkits
- Wrong file permissions for binaries
- Look for suspected strings in LKM and KLD modules
- Look for hidden files
- Optional scan within plaintext and binary files
The program is available as a tarball and as an rpm and installs into /usr/local/bin . . . . on some distros you additionally need the "Perl-Digest-SHA1" package for a successful install.
Running the program:
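Both scanners are normally run by hand, but on a box you look after it pays to run them unattended and only read the lines that matter. The script below is an added example, not part of the original post and not code from the chkrootkit or rkhunter projects. It assumes both tools are on PATH, that you run it as root, and that the flags are those of current releases (chkrootkit 0.5x, rkhunter 1.4.x), which may differ from the versions the post describes; the sample reports inside it are constructed for the self-test, not captured from a real run. The optional TRUSTED_BIN directory is the practitioner's caveat from above: chkrootkit's -p option lets it use known-good copies of ls, ps, netstat and friends (for example from a mounted read-only CD) instead of binaries a rootkit on the host may have replaced.

```shell
#!/bin/sh
# Added example: run chkrootkit and rkhunter non-interactively, keep the raw
# reports, and pull out the lines that need a human to look at them.
# Assumed: both tools on PATH, run as root, current-release flags.

# chkrootkit marks a hit with upper-case "INFECTED"; the normal result is
# lower-case "not infected", so a case-sensitive match separates them.
chkrootkit_hits() {
    awk '/INFECTED/ && !/not infected/' "$1"
}

# rkhunter prefixes everything it wants reviewed with "Warning:".
rkhunter_warnings() {
    awk '/^Warning:/' "$1"
}

count_lines() {
    awk 'END { print NR }'
}

# Run both scanners, write timestamped reports into $1, print a summary.
# Returns 0 if nothing was flagged, 1 if something was, 2 if a tool is missing.
run_scan() {
    dir="${1:-/var/log/rkscan}"
    for tool in chkrootkit rkhunter; do
        command -v "$tool" >/dev/null 2>&1 || { echo "$tool not installed" >&2; return 2; }
    done
    mkdir -p "$dir"
    stamp=$(date +%Y%m%d-%H%M%S)
    ck="$dir/chkrootkit-$stamp.log"
    rk="$dir/rkhunter-$stamp.log"

    # -q: print only findings; -p DIR: take ls/ps/netstat/... from DIR, a set of
    # trusted copies, rather than from the possibly trojaned host binaries.
    if [ -n "${TRUSTED_BIN:-}" ]; then
        chkrootkit -q -p "$TRUSTED_BIN" >"$ck" 2>&1
    else
        chkrootkit -q >"$ck" 2>&1
    fi
    # --skip-keypress: do not pause between test groups;
    # --report-warnings-only: log just the warnings, which is what we grep for.
    rkhunter --check --skip-keypress --report-warnings-only >"$rk" 2>&1

    hits=$(chkrootkit_hits "$ck" | count_lines)
    warns=$(rkhunter_warnings "$rk" | count_lines)
    echo "chkrootkit: $hits flagged ($ck)"
    echo "rkhunter:   $warns warnings ($rk)"
    [ "$hits" -eq 0 ] && [ "$warns" -eq 0 ]
}

# Constructed sample reports (not captured from a real run) so the parsing can
# be exercised without the scanners installed.  The bindshell line is the
# well-known false positive from a legitimate daemon listening on port 465.
sample_chkrootkit_output() {
    cat <<'EOF'
ROOTDIR is `/'
Checking `ls'... not infected
Checking `ps'... INFECTED
Checking `bindshell'... INFECTED (PORTS:  465)
Searching for suspicious files and dirs, it may take a while... nothing found
EOF
}

sample_rkhunter_output() {
    cat <<'EOF'
Warning: The command '/usr/bin/lwp-request' has been replaced by a script: /usr/bin/lwp-request: Perl script text executable
Warning: Hidden directory found: /dev/.udev
System checks summary
=====================
EOF
}

# Only scan when explicitly asked:  ./rkscan.sh --run [reportdir]
case "${1:-}" in
    --run) run_scan "${2:-/var/log/rkscan}" ;;
esac
```

Read every flagged line before acting on it: a listener on port 465 or a distro-supplied hidden /dev directory is not a rootkit, and after a legitimate package upgrade rkhunter will warn that binaries changed. In that case, and only once you have confirmed the change came from your package manager, refresh its file-property database with rkhunter --propupd; doing it blindly would teach the scanner to accept a trojaned binary as normal.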
More info? See the thread on the forum:
http://forums.scotsnewsletter.com/index.ph...=ST&f=14&t=6506
Have FUN securing your system

Bruno