Blogger Indonesia SetyaPutra.Org

How to locally checks for signs of a rootkit

April 4th, 2010 | 1 Comment | Posted in Trial & Review

One tool that important for linux server to locally checks for signs of a rootkit is CHKROOTKIT. It contains chkrootkit: a shell script that checks system binaries for rootkit modification; ifpromisc.c: checks if the network interface is in promiscuous mode; chklastlog.c: checks for lastlog deletions; chkwtmp.c: checks for wtmp deletions; check_wtmpx.c: checks for wtmpx deletions (Solaris only); chkproc.c: checks for signs of LKM trojans; chkdirs.c: checks for signs of LKM trojans; strings.c: quick and dirty strings replacement; chkutmp.c: checks for utmp deletions.

Chkwtmp and chklastlog *try* to check for deleted entries in the wtmp and lastlog files, but it is *not* guaranteed that any modification will be detected. Aliens tries to find sniffer logs and rootkit config files. It looks for some default file locations — so it is also not guaranteed it will succeed in all cases.

Chkproc checks if /proc entries are hidden from ps and the readdir system call. This could be the indication of a LKM trojan. You can also run this command with the -v option (verbose).

How to Install

Login to your server as root. (SSH)
Down load the chkrootkit.
Type: wget ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz
Unpack the chkrootkit you just downloaded.
Type: tar xvzf chkrootkit.tar.gz
Change to new directory
Type: cd chkrootkit*
Compile chkrootkit
Type: make sense
Run chkrootkit
Type: ./chkrootkit

If it says “Checking `bindshell’… INFECTED (PORTS: 465)”
This is normal and it is NOT really a virus.

Leave a Reply 5351 views, 12 so far today |

Tags: chkrootkit, linux, rootkit, server, webmaster, webserver

Follow Discussion

One Response to “How to locally checks for signs of a rootkit”

Blog Pemula Says:
August 27th, 2010 at 11:50 pm
Nice post + nice info..it’s cool article

Salam Kenal. <strong><a href=”http://blog.mouzella.com”>Blog Pemula</a></strong>

Rules: This site uses KeywordLuv. Enter YourName@YourKeywords and KeywordLuv will use YourKeywords as the anchor text. No inappropriate or offensive comments. No links to inappropriate or offensive sites. Comments must contribute to the discussion.

Ask2Link – the way of advertisement

If you blog, you probably try to make money from contextual advertisement such as Google Adsense. I recently signed up with Ask2Link to sell non-intrusive text based (links) ads on my website. With Ask2Link, advertisers can purchase plain text ads on your website. Ask2Link is a web advertising company located in San Francisco Bay Area, [...]

How do I get a merchant account ?

If you have an Internet store or own a retail e-commerce website, you will need online credit card processing. With the help of an online merchant account and credit card payment gateway, you can give your customers the option to purchase goods with the click of the mouse, at any time, day or night. A [...]

Can I accept credit cards in “real-time” through my web site?

This question always said to me when someone ask me to create e-commerce website. And the answer is yes, you can. A lot of merchant solution offer by payment systems company on the internet will help you to get an account with them and use their tools to build e-commerce website. I recommend Prodigy Payment Systems [...]

Good News for Indonesian Adsenser, Western Union Quick Cash

This morning i have received email from Google AdSense announce that Western Union Quick Cash is now accepted as a new payment method for Indonesia. Western Union Quick Cash is a payment method that lets you receive your payments from abroad in cash using the worldwide Western Union money transfer service. Google AdSense said that [...]

In-Text Advertisement with Infolinks

What is In-Text Advertising? In-Text advertising inserts text link advertisements within the content of your website, usually in the form of double-underline hyperlinks. Upon a hover of the mouse, a floating informational bubble opens with content from an advertiser. If clicked, the visitor is directed to the advertiser’s landing page and you earn advertising revenue; [...]

Obeus.com Affiliate Program

Obeus.com Affiliate Program was designed to increase popularity of Obeus.com pay-per-click advertising services. That means that Obeus.com pays you for its advertising. When you register at Obeus.com as publisher, you take part in Affiliate Program automatically. If you are an advertiser, you can take part in Affiliate Program with help of your Referral Link Obeus.com [...]

Sell Text Links with BackLinks.com

If you have web pages with PageRank and would like to sell text links on them but don’t have the time to do it yourself, BackLinks.com now offers a service where we will find buyers for the text links on your web pages, manage the link inventory and process payments. Each month you will receive [...]

Make Money From Your Blog with Ask2Link

You can generate easy, additional revenue from your website by selling non-intrusive, simple text link ads. Selling advertising space on your website allows you to generate additional revenue, and with Ask2link’s text link ads, you will not annoy your visitors with obnoxious banner/graphic ads. And you don’t have to worry about CPM, CPC, or others [...]

Mencairkan Cek Google Adsense di Blitar

Setelah terbiasa mencairkan cek Google Adsense di Citibank Surabaya dekat Gramedia (Jl. Basuki Rahmad Surabaya), saya pikir biaya untuk bolak-balik Blitar-Surabaya mahal juga. Kalau naik mobil sendiri untuk bensin bisa habis 300 ribu. Meskipun syaratnya mudah tapi dari sisi biaya mahal juga. Kalau di Citibank syaratnya hanya bayar Rp. 100.000,- di awal, foto copy KTP [...]

About SetyaPutra.Org

Lecturer, Hosting Entrepreneur, Independent IT Consultant and Trainer. I’m passionate about my profession, my work, and the things that interest me, which naturally makes me passionate about opensource as well. The entire articles here can be distributed freely as long as YOU keep mentioning the name and URL to the full article at SetyaPutra.Org

Updated Post

BackLinks

My Affiliate Zone
My Community
My Friends
My Office
My Projects
My Reading
SEO Tracking

View blog authority
Spam Blocked

148,217 spam comments blocked by
Akismet

Who’s Online

2 Users Online

Stories and articles about Application, Blogosphere, Internet World, and Online Business

How to locally checks for signs of a rootkit

One Response to “How to locally checks for signs of a rootkit”

Leave a Reply

Ask2Link – the way of advertisement

How do I get a merchant account ?

Can I accept credit cards in “real-time” through my web site?

Good News for Indonesian Adsenser, Western Union Quick Cash

In-Text Advertisement with Infolinks

Obeus.com Affiliate Program

Sell Text Links with BackLinks.com

Make Money From Your Blog with Ask2Link

Mencairkan Cek Google Adsense di Blitar

About SetyaPutra.Org

Recent Post

Popular Post

Updated Post

Categories

Archives

Tag Cloud

BackLinks

My Affiliate Zone

My Community

My Friends

My Office

My Projects

My Reading

SEO Tracking

Spam Blocked

Who’s Online

Recent Post

Most Popular

Popular Today