Detecting rootkits on an Ubuntu system using chkrootkit and rkhunter

A rootkit is a program or set of programs used by an intruder to both hide their presence on a computer system and allow future access to that same system. A rootkit will usually either manipulate the data set the operating system relies on, or alter the execution flow of the operating system.

It is important to realize that rootkits are designed to be very stealthy, meaning they are difficult to find or detect by normal means. Many rootkits have been so well written that their presence has gone undetected for years. They are written by experienced individuals with a level of programming knowledge far above that of the average virus or malware writer. A rootkit is not an exploit. It is what an attacker installs after an initial exploit to retain undetected access to a compromised computer. Because a kernel-level rootkit can lie to every user-space tool (hiding its files, processes and sockets), scanners run on the live system are a first check, not proof that the host is clean; for a host you already suspect, compare against a scan from a trusted live or rescue medium.

chkrootkit:
chkrootkit is a tool to locally check for signs of a rootkit. It consists of the chkrootkit shell script, which checks system binaries for rootkit modification and looks for known rootkit files and log tampering, plus a few small C helpers such as chkproc (processes hidden from ps) and ifpromisc (network interfaces in promiscuous mode).

Installation:
Open up the terminal and type the following command to install chkrootkit:
$ sudo apt-get install chkrootkit

Using chkrootkit:
Open up the terminal and type the command: $ sudo chkrootkit
This runs all tests. Clean binaries are reported as "not infected" and hits as "INFECTED"; suspicious files and directories are listed as bare paths, so read the whole output rather than grepping for a single keyword.

Other Configurations:
If you want an automatic daily run of chkrootkit:
Open /etc/chkrootkit.conf and replace RUN_DAILY="false" with RUN_DAILY="true". The same file holds RUN_DAILY_OPTS (the flags passed to the daily run, "-q" for quiet output by default) and DIFF_MODE; setting DIFF_MODE="true" reports only findings that differ from the previous day's run, which keeps recurring false positives out of the daily report.

If you also want a daily mailed report:
The daily job is /etc/cron.daily/chkrootkit. Cron already mails anything the job prints to root (or to the address in MAILTO, if set), so with a working local MTA the quiet daily run is mailed as-is. To send the report to a specific address instead, open /etc/cron.daily/chkrootkit and replace
$CHKROOTKIT $RUN_DAILY_OPTS
with
$CHKROOTKIT $RUN_DAILY_OPTS | mail -s "Daily chkrootkit run from $HOSTNAME" you@example.com
where you@example.com is a placeholder for your own address. The mail command comes from the mailutils or bsd-mailx package and needs a local MTA to deliver.

rkhunter:
Rootkit Hunter (rkhunter) scans files and the system for known and unknown rootkits, backdoors, sniffers and malware. The application consists of the main shell script, a few text-based databases, and optional Perl scripts. It can recognise and run external applications like 'skdet' and 'unhide'. It should run on almost every Unix clone.

Installation:
Open up the terminal and type the following command to install rkhunter (the package name is lower-case; apt package names are case-sensitive):
$ sudo apt-get install rkhunter

Using rkhunter:
Open up the terminal and type the command: $ sudo rkhunter --check
This runs all tests. The interactive run pauses for a keypress between test groups; for an unattended run use --skip-keypress, or --cronjob (which implies --check, --nocolors and --skip-keypress), together with --report-warnings-only to print just the warnings.

By default, the log file '/var/log/rkhunter.log' is created. It contains the results of the checks made by rkhunter, including the detail behind each warning.

The following command option causes rkhunter to check for and download the latest version of its text data files: $ sudo rkhunter --update
On Debian and Ubuntu the packaged /etc/rkhunter.conf ships with WEB_CMD="/bin/false", which disables --update until you change that setting; the daily run is controlled by CRON_DAILY_RUN in /etc/default/rkhunter. rkhunter also keeps a baseline of file properties (hashes, sizes, permissions) for system binaries and warns when they change, so after a legitimate package upgrade refresh the baseline with $ sudo rkhunter --propupd; otherwise every upgraded binary is reported as modified. Only do this once you have confirmed the changes came from the package manager.

To see what other options can be used with rkhunter, enter: $ sudo rkhunter --help
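Both scanners print a lot of "not infected" and informational lines, and each has well-known false positives on a stock Ubuntu install. The script below is an added example, not code from the original post or from either project: it filters chkrootkit and rkhunter output down to the lines that need a human, drops a host-specific whitelist of benign matches, and is shaped so cron mails the result. The scanner output embedded in it is constructed sample text so the script runs offline; the whitelist patterns (dhclient and /etc/.java) are assumptions for one host and must be reviewed locally.

```shell
#!/bin/sh
# Added example, not part of the original post: post-process chkrootkit and
# rkhunter output so a daily cron job reports only actionable findings.
# The scanner output embedded below is CONSTRUCTED sample text so the script
# runs offline; the benign-pattern list is a hypothetical, host-specific
# whitelist that must be reviewed before use.

# Keep only chkrootkit hits. Genuine hits are reported as "INFECTED" (upper
# case), "PACKET SNIFFER" (from ifpromisc) or "Possible ... installed";
# clean binaries are reported as "not infected", which this does not match.
chkrootkit_findings() {
    grep -E 'INFECTED|PACKET SNIFFER|Possible'
}

# Keep only rkhunter warnings, as printed by --report-warnings-only or
# recorded in /var/log/rkhunter.log.
rkhunter_findings() {
    grep 'Warning:'
}

# Drop known-benign matches. Both patterns are assumptions for one host:
# dhclient legitimately opens a raw socket on its interface on Ubuntu, and
# /etc/.java is created by the JRE. Keep the patterns narrow; an attacker
# could hide behind an over-broad one.
drop_known_benign() {
    grep -v -E 'PACKET SNIFFER\(/s?bin/dhclient|Hidden directory found: /etc/\.java'
}

# Count remaining lines; prints 0 (and exits 1) when nothing remains.
count_lines() {
    grep -c .
}

# Constructed chkrootkit output (sample, not a real scan).
sample_chkrootkit() {
cat <<'EOF'
ROOTDIR is `/'
Checking `basename'... not infected
Checking `chfn'... INFECTED
Checking `date'... not infected
Checking `sniffer'... eth0: PACKET SNIFFER(/sbin/dhclient[1234])
Checking `lkm'... chkproc: nothing detected
EOF
}

# Constructed rkhunter output (sample, not a real scan).
sample_rkhunter() {
cat <<'EOF'
[12:00:01] Warning: The command '/usr/bin/lwp-request' has been replaced by a script: /usr/bin/lwp-request: Perl script text executable
[12:00:02] Warning: Hidden directory found: /etc/.java
[12:00:03] System checks summary
EOF
}

# Run both filters over the samples and print what an admin should read.
# Expected here: the INFECTED chfn line and the lwp-request warning.
report() {
    {
        sample_chkrootkit | chkrootkit_findings
        sample_rkhunter   | rkhunter_findings
    } | drop_known_benign
}

# Real use from a script in /etc/cron.daily (runs as root); cron mails any
# output, so a silent run means nothing actionable was found:
#   chkrootkit | chkrootkit_findings | drop_known_benign
#   rkhunter --cronjob --report-warnings-only | rkhunter_findings | drop_known_benign
report
```

Two caveats on the filter itself. chkrootkit lists suspicious files and directories as bare paths with no marker, so a keyword filter will miss them; that is what DIFF_MODE in /etc/chkrootkit.conf is for, since it reports only lines that changed since the previous run. And every pattern in drop_known_benign is a decision to stop looking at something, so keep each one as specific as the sample above (a full path, not just "dhclient") and re-check the list whenever the host's software changes.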


source:http://linuxpoison.blogspot.com/2010/09/135781677514868.html
