Wednesday 9 December 2015

ChkRootkit

chkrootkit (Check Rootkit) is a common Unix-based program intended to help system
administrators check their system for known rootkits. It is a shell script that uses common
UNIX/Linux tools such as the strings and grep commands to search core system programs for
signatures, and that compares a traversal of the /proc filesystem with the output of the ps
(process status) command to look for discrepancies.

There are inherent limitations to the reliability of any program that attempts to detect
compromises (such as rootkits and computer viruses). Newer rootkits may specifically attempt
to detect and compromise copies of the chkrootkit programs, or take other measures to evade
detection by them.

Follow these steps to install chkrootkit:

cd /usr/local/src/

wget http://www.spenneberg.org/chkrootkit-mirror/files/chkrootkit.tar.gz

tar -xvzf chkrootkit.tar.gz

Change to the new directory (the glob matches the extracted version directory):

cd chkrootkit-*

Compile chkrootkit:

make sense

Run chkrootkit:

./chkrootkit

To setup a daily scan report
-----------------------------

Load crontab:

crontab -e

Add this line to the top:

-----------------------------------------------------------------------------------
0 1 * * * (cd /usr/local/src/chkrootkit*; ./chkrootkit 2>&1 | mail -s "chkrootkit output" email@domain.com)
-----------------------------------------------------------------------------------
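As an added example (not code from the original post), a small wrapper for the same cron job that only sends mail when chkrootkit actually flags something, so a clean nightly run stays quiet. It assumes chkrootkit's usual one-line-per-check output (INFECTED for a signature match, "Warning:" for suspicious findings); the sample reports below are constructed, and the run_daily_scan function and the CHKROOTKIT_MAILTO variable are names chosen for this example.

```sh
#!/bin/sh
# Added example, not part of the original post. Assumes chkrootkit's usual
# output format: one "Checking `x'... RESULT" line per test, with INFECTED
# for signature matches and "Warning:" for suspicious findings.

# Print only the lines that represent findings (reads a full report on stdin).
chkrootkit_findings() {
    grep -E 'INFECTED|Warning' | grep -v 'not infected'
}

# Count the finding lines in a report passed as $1 (always prints a number).
chkrootkit_finding_count() {
    printf '%s\n' "$1" | chkrootkit_findings | wc -l | tr -d ' '
}

# Exit 0 if the report in $1 is clean, 1 if it contains findings.
chkrootkit_is_clean() {
    [ "$(chkrootkit_finding_count "$1")" -eq 0 ]
}

# Nightly job: run the scanner from the install path used in the post and mail
# the full report only when something was flagged. CHKROOTKIT_MAILTO is a
# hypothetical variable for this example (defaults to the post's placeholder).
run_daily_scan() {
    report=$(cd /usr/local/src/chkrootkit* && ./chkrootkit 2>&1)
    if chkrootkit_is_clean "$report"; then
        return 0
    fi
    printf '%s\n' "$report" | mail -s "chkrootkit findings on $(hostname)" \
        "${CHKROOTKIT_MAILTO:-email@domain.com}"
    return 1
}

# Constructed sample reports (not real scan output) to exercise the filter.
SAMPLE_CLEAN="Checking \`ls'... not infected
Checking \`ps'... not infected
Searching for suspicious files and dirs, it may take a while... nothing found"

SAMPLE_FLAGGED="Checking \`ls'... not infected
Checking \`ps'... INFECTED
Checking \`lkm'... Warning: Possible LKM Trojan installed"

# Demo: the lines from the flagged sample that would trigger a mail.
printf '%s\n' "$SAMPLE_FLAGGED" | chkrootkit_findings
```

To use it from cron, replace the one-liner above with a call to run_daily_scan and keep the exit status, which makes a flagged run visible to cron's own failure reporting as well.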
