First, we need to know what a rootkit is. A rootkit is a program used to control your Unix terminals, usually with root access (on Windows, usually with Administrator access), without any authorization from the server owner.
So, to secure your Linux server,
we can use some software: Zeppoo, Chkrootkit or rkhunter.
Zeppoo Software
Zeppoo detects rootkits on the i386 and x86_64 architectures in Linux using /dev/kmem and /dev/mem.
This software is also able to detect hidden tasks, system calls, etc.
Chkrootkit Software
Chkrootkit locally checks for signs of any rootkits on your server.
To install it, we can use the repository of your Linux distribution:
#yum install chkrootkit
or
#apt-get install chkrootkit
To check for any suspected files/strings, we can use:
#chkrootkit -x | less
Note: we need root access to run the above command.
rkhunter Software
1. rkhunter is a tool that is able to scan your Linux server for things like backdoors, rootkits and other exploits.
2. rkhunter is a shell script that is able to check your local system and detect known rootkits.
To install it, we can use the repository of your Linux distribution:
#yum install rkhunter
or
#apt-get install rkhunter
To run a check, we can use the command below:
#rkhunter --check
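Note: chkrootkit and rkhunter rely on external commands such as awk, grep and others, so we need to mount a copy of those commands from a safe location (here /mnt/safe) and tell each tool to use it.
For chkrootkit:
#chkrootkit -p /mnt/safe
For rkhunter:
#rkhunter --check --bindir /mnt/safe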
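The following is an added example, not part of the original post: a small wrapper that checks the mounted directory actually contains the external commands before running `chkrootkit -p` against it, then reduces the output to the results that need a manual look. The function names are hypothetical, the command list is an assumption to confirm against the README of your chkrootkit version, and the sample output is constructed.

```shell
#!/bin/sh
# Added example (not from the original post): preflight + triage around
# `chkrootkit -p DIR`. Function names are hypothetical.

# Assumed list of external commands chkrootkit calls; confirm against the
# README of the version you run.
NEEDED="awk cut echo egrep find head id ls netstat ps sed strings uname"

# missing_tools DIR: print every needed command absent or non-executable in DIR.
missing_tools() {
    for t in $NEEDED; do
        [ -f "$1/$t" ] && [ -x "$1/$t" ] || printf '%s\n' "$t"
    done
}

# findings: filter chkrootkit output on stdin down to results worth a manual
# look. Exit status 0 if any were found, 1 if the output was clean.
findings() {
    grep -E 'INFECTED|Vulnerable but disabled|not tested'
}

# trusted_scan DIR: refuse to scan when DIR is incomplete (exit status 2),
# otherwise run chkrootkit with DIR as its command path and show the findings.
trusted_scan() {
    miss=$(missing_tools "$1")
    if [ -n "$miss" ]; then
        echo "missing in $1:" $miss >&2
        return 2
    fi
    chkrootkit -p "$1" | findings
}

# Constructed sample of chkrootkit output, for trying findings offline.
sample_output() {
cat <<'EOF'
Checking `ls'... not infected
Checking `bindshell'... INFECTED (PORTS:  465)
Checking `sniffer'... lo: not promisc and no packet sniffer sockets
Checking `lkm'... not tested
EOF
}
```

Source the file as root and call `trusted_scan /mnt/safe`; `sample_output | findings` shows the filter on the constructed lines without chkrootkit installed.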