Chkrootkit installation
Chkrootkit is a powerful tool for scanning your Linux server for trojans. We'll show you how to install it, scan your server, and set up a daily automated scanning job that emails you the report.

Installing CHKROOTKIT Version 0.42b (Sept. 20 2003)

SSH as admin to your server. DO NOT use telnet; it should be disabled anyway.

    # Change to root
    su -

    # Download the tarball
    wget ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz

    # Check the MD5 sum of the download for security, against:
    # ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.md5
    md5sum chkrootkit.tar.gz

    # Unpack the tarball
    tar xvzf chkrootkit.tar.gz

    # Change to the directory it created
    cd chkrootkit*

    # Compile
    make sense

    # Run chkrootkit
    ./chkrootkit

Everything it outputs should be 'not found' or 'not infected'.

Important Note: If you see 'Checking `bindshell'... INFECTED (PORTS: 465)' read on.

I'm running PortSentry/klaxon. What's wrong with the bindshell test?

If you're running PortSentry/klaxon or another program that binds itself to unused ports, chkrootkit will probably give you a false positive on the bindshell test (ports 114/tcp, 465/tcp, 511/tcp, 1008/tcp, 1524/tcp, 1999/tcp, 3879/tcp, 4369/tcp, 5665/tcp, 10008/tcp, 12321/tcp, 23132/tcp, 27374/tcp, 29364/tcp, 31336/tcp, 31337/tcp, 45454/tcp, 47017/tcp, 47889/tcp, 60001/tcp).

    # Now go back up one directory
    cd ..

    # Then remove the .gz file
    rm chkrootkit.tar.gz

Daily Automated System Scan that emails you a report

While in SSH run the following:

    pico /etc/cron.daily/chkrootkit.sh

Insert the following into the new file:

    #!/bin/bash
    # Stop if the install directory is missing
    cd /yourinstallpath/chkrootkit-0.42b/ || exit 1
    ./chkrootkit | mail -s "Daily chkrootkit from Servername" admin@youremail.com

Important:

1. Replace 'yourinstallpath' with the actual path to where you unpacked Chkrootkit.
2. Change 'Servername' to the name of the server you're running it on, so you know where the report is coming from.
3. Change 'admin@youremail.com' to the actual email address where the script should mail you.

Now save the file in SSH: Ctrl+X, then type Y.

Change the file permissions so we can run it:

    chmod 755 /etc/cron.daily/chkrootkit.sh

Now, if you like, you can run a test report manually in SSH to see how it looks:

    cd /etc/cron.daily/
    ./chkrootkit.sh

You'll now receive a nice email with the report! This will now happen every day, so you don't have to run it manually.

Thanks to S. Leggett
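The bindshell false positive described in the post can be triaged before the daily mail is read: the sketch below pulls the ports out of the bindshell line and looks up which program holds each one. It is an added example, not part of the original post or of chkrootkit; the function names, the sample report and the `netstat -tlnp` listing are constructed, and the format of a multi-port bindshell line is an assumption.

```bash
#!/bin/bash
# Added example, not part of the original post or of chkrootkit.
# Function names and all sample data below are constructed for illustration.

# Ports named on the bindshell line, e.g. "... INFECTED (PORTS: 465)".
# Assumption: several ports appear as numbers separated by non-digits.
bindshell_ports() {   # $1 = chkrootkit report text
    printf '%s\n' "$1" |
        sed -n 's/.*bindshell.*INFECTED (PORTS:\(.*\)).*/\1/p' |
        tr -cs '0-9' '\n' | grep -E '^[0-9]+$' || true
}

# Program holding a listening TCP port, read from `netstat -tlnp` output.
port_owner() {        # $1 = port, $2 = listing text
    printf '%s\n' "$2" | awk -v p="$1" '
        $1 ~ /^tcp/ && $6 == "LISTEN" && $4 ~ (":" p "$") { print $7; found = 1; exit }
        END { if (!found) print "unknown" }'
}

triage() {            # $1 = report text, $2 = listing text
    local port owner
    # INFECTED lines from any other test are passed through unchanged.
    printf '%s\n' "$1" | grep 'INFECTED' | grep -v 'bindshell' || true
    for port in $(bindshell_ports "$1"); do
        owner=$(port_owner "$port" "$2")
        case "$owner" in
            */portsentry|*/klaxon)
                echo "bindshell port $port: held by $owner (likely false positive)" ;;
            *)  echo "bindshell port $port: held by $owner (investigate)" ;;
        esac
    done
}

# Constructed sample input (not real scan output).
SAMPLE_REPORT="Checking \`ls'... INFECTED
Checking \`bindshell'... INFECTED (PORTS:  465 31337)
Checking \`lkm'... not infected"
SAMPLE_LISTENERS="tcp  0  0 0.0.0.0:22     0.0.0.0:*  LISTEN  640/sshd
tcp  0  0 0.0.0.0:465    0.0.0.0:*  LISTEN  812/portsentry
tcp  0  0 0.0.0.0:31337  0.0.0.0:*  LISTEN  4021/bash"

triage "$SAMPLE_REPORT" "$SAMPLE_LISTENERS"
```

In the cron script this would be called as `triage "$(./chkrootkit)" "$(netstat -tlnp)"`, with the result piped to `mail`. A matching process name is only a hint, so confirm that the listener really is your own PortSentry/klaxon instance.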




