Shashikant shah

Wednesday, 12 December 2012

Detect Rootkits in Your Linux Server

First, we need to know what is rootkits.Rootkits is a program to control your unix terminals usually root access,in Windows usually Administrator access without any authorization from the server owner.

So to securing your linux server 
We can using some software : Zeppoo , Chkrootkit or rkhunter

Zeppoo Software

Zeppo will detect rootkits on i386 and x86_64 architecture in linux using /dev/kmem and /dev/mem
this software also able to detect a hidden task, system call etc..

Chkrootkit Software

Chkrootkit will locally check for sign of any rootkits in your server.
To install it we can using repository in your linux distribution

#yum install chkrootkit
or
#apt-get install chkrootkit

To checking any suspected files/strings we can using

#chkrootkit -x | less

Note : we need to have root access to do above command

rkhunter software

1.rkhunter is a tools that able to scan your linux server something like backdoors, rootkits and other exploits.

2.rkhunter is a shell script that able to check your local sistem and detect known rootkits.

To install it we can using repository in your linux distribution


#yum install rkhunter or #apt-get install rkhunter

To checking we can using this command below

#rkhunter --check


Note For Chkrootkit and rkhunter we need to mount some external command such as awk, grep and others

#chkrootkit -p /mnt/safe
for chkrootkit

#rkhunter --check --bindir /mnt/safe
for rkhunter

No comments:

Post a Comment