chkrootkit

Published by root on

Malware & Rootkit detection on Linux

 

Although the Linux system can be protected from the spread of most malware, it is not absolutely safe. If your data center erected a Linux server, especially the Web server, you should be on the rootkit Trojans and malicious software to prevent, because some of the data destruction class Rootkit is very dangerous, and the attacker once the invasion may be used after the site server malicious Software dissemination. How to eliminate such risks? One way is to use the correct security check tool.

chkrootkit

chkrootkit is a tool to locally check for signs of a rootkit, Worms and LKMs. It contains:

* chkrootkit: a shell script that checks system binaries forrootkit modification.

* ifpromisc.c: checks if the network interface is in promiscuous mode.

* chklastlog.c: checks for lastlog deletions.

* chkwtmp.c: checks for wtmp deletions.

* check_wtmpx.c: checks for wtmpx deletions. (Solaris only)

* chkproc.c: checks for signs of LKM trojans.

* chkdirs.c: checks for signs of LKM trojans.

* strings.c: quick and dirty strings replacement.

* chkutmp.c: checks for utmp deletions.

chkwtmp and chklastlog *try* to check for deleted entries in the wtmp and lastlog files, but it is *not* guaranteed that any modification will be detected.

Aliens tries to find sniffer logs and rootkit config files. It looks for some default file locations — so it is also not guaranteed it will succeed in all cases.

chkproc checks if /proc entries are hidden from ps and the readdir system call. This could be the indication of a LKM trojan. You can
also run this command with the -v option (verbose).

Installation

On debian/ubuntu, you simple type command

sudo apt-get install chkrootkit

 Usage

Open terminal, and type command

sudo chkrootkit

If there are some Rookit signs after the test, you can try to analyze the same, because some may be false positives. If there are other Rookit suspected reports, you will need to pay attention, carefully control the chkrootkit report analysis, find a solution problem, because the chkrootkit tool only provides detection, does not provide a solution or delete method.

Loading

Categories: Linux
Tags:

Related Posts

Linux

Chmod, file permission, and the octal notation

In this post we are going to discuss some of the Linux/Unix file system permissions. There are two basic commands for changing the ownership and permissions of a file system, namely, chmod and chown. In this post, we Read more…

Linux Tutorials

How to install nvidia drivers in Kali Linux

How to install nvidia drivers in Kali Linux   NVIDIA  Driver Install First of all I’m assuming being logged in under root and a clean install of kali 2017.2. Pre-requisites nano /etc/apt/sources.list Ensure that sources.list Read more…

Linux

KRACK : Critical Key Reinstallation Attack Against Widely-Used WPA2 Wi-Fi Protocol

Do you think your wireless network is secure because you’re using WPA2 encryption? If yes, think again! Security researchers have discovered several key management vulnerabilities in the core of Wi-Fi Protected Access II (WPA2) protocol Read more…