Learn how to detect and remove rootkits on your Linux server using rkhunter and chkrootkit. Protect your system from unauthorized access and potential security threats.
Checking Rootkits with rkhunter and chkrootkit
Rootkits
• Software that is installed on your server with the purpose of hiding the fact that your server has been compromised, while providing access to your server so that the intruder can easily return.
• The intruder could use the rootkit to hide a password cracker program that steals your passwords and sends them back to the intruder.
• They could also use a rootkit to hide a “backdoor” program that would give them easy access back into the compromised system. (A backdoor in a computer system is a method of bypassing normal authentication, securing remote access to a computer, or obtaining access to plaintext, while attempting to remain undetected.)
6 basic categories of rootkits
• Firmware rootkits
• Virtualized rootkits
• Kernel rootkits
• Boot loader rootkits
• Library rootkits
• Application-level rootkits
(Information about these 6 categories of rootkits can be found at: http://geobaby.in/checking-rootkits-with-rkhunter/)
Rkhunter
• A shell script that will detect rootkits or malware on your Linux computer.
• Performs checks to see if system commands have been modified.
• Performs various checks on the network interfaces, including checks for listening applications.
To perform a check of your system, enter: rkhunter -c (you must be root or use sudo to run it)
Chkrootkit
• Like rkhunter, chkrootkit is another tool used to detect rootkits on Linux.
• Chkrootkit examines certain elements of the target system and determines whether they have been tampered with.
Command line info
Rkhunter
• $ sudo apt-get install rkhunter
• # rkhunter --update (This command has to be run on a regular basis to keep the database of known rootkits current. You can use cron to schedule this command at regular intervals.)
• # rkhunter --check (Runs a number of tests to detect any rootkit or malware on your Linux computer.)
• # rkhunter --list rootkits (List the names of all the rootkits Rootkit Hunter will search for.)
• # rkhunter --list tests (List the currently available test names.)
The Rootkit Hunter configuration file is stored at /etc/rkhunter.conf. This file is well documented and contains many of Rootkit Hunter's configuration options.
Chkrootkit
• $ sudo apt-get install chkrootkit
• # chkrootkit -l (Print available tests)
• # chkrootkit (Detect rootkits on your computer)
• # chkrootkit -x (Run chkrootkit in expert mode)
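The update/check commands above are usually chained into one script that cron runs nightly and that flags a host for review when either tool reports a hit. The script below is an added example (not from the slides or from either project); the report directory, the cron line and the sample report lines in demo are assumptions or constructed data, not real scanner output.

```shell
#!/bin/sh
# Cron wrapper around rkhunter and chkrootkit (added example; assumes both tools
# are installed as shown above and that the script is run as root).

# Count positive findings in an rkhunter report (rkhunter prefixes them "Warning:").
rkhunter_warning_count() {
    grep -c '^Warning:' "$1" || true   # grep -c exits 1 on zero matches but still prints "0"
}

# Count positive findings in a chkrootkit report. chkrootkit prints "INFECTED" for a
# hit and lower-case "not infected" for a clean item, so the match must stay case-sensitive.
chkrootkit_infected_count() {
    grep -c 'INFECTED' "$1" || true
}

# Print a one-line verdict for the two report files: "CLEAN" or "REVIEW ...".
verdict() {
    rk=$(rkhunter_warning_count "$1")
    ck=$(chkrootkit_infected_count "$2")
    if [ "$rk" -eq 0 ] && [ "$ck" -eq 0 ]; then
        echo "CLEAN"
    else
        echo "REVIEW rkhunter=$rk chkrootkit=$ck"
    fi
}

# Run both scanners and keep dated reports. Assumed cron entry (path is an assumption):
#   0 3 * * * root /usr/local/sbin/rootkit-scan.sh
# --sk skips keypress prompts and --rwo prints warnings only, which keeps the report greppable.
run_scan() {
    dir=${1:-/var/log/rootkit-scan}   # assumed report location
    mkdir -p "$dir"
    stamp=$(date +%Y%m%d)
    rkhunter --update >/dev/null 2>&1 || :   # non-zero when the database was refreshed
    rkhunter --check --sk --rwo > "$dir/rkhunter-$stamp.txt" 2>&1 || :
    chkrootkit > "$dir/chkrootkit-$stamp.txt" 2>&1 || :
    verdict "$dir/rkhunter-$stamp.txt" "$dir/chkrootkit-$stamp.txt"
}

# Offline demo on constructed report fragments (not output captured from any real host).
demo() {
    d=$(mktemp -d)
    printf 'Warning: The command /bin/ls has been replaced by a script\nWarning: Hidden file found: /dev/.tmp\n' > "$d/rk.txt"
    printf "Checking \`ls'... not infected\nChecking \`ps'... INFECTED\n" > "$d/ck.txt"
    verdict "$d/rk.txt" "$d/ck.txt"
}
```

Call run_scan from cron and forward a REVIEW line to your alerting channel; the dated reports give you the diff between last night's clean run and today's findings.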
Where to find information
• http://www.dedoimedo.com/computers/new-cool-list-linux.html
• http://geobaby.in/checking-rootkits-with-rkhunter/
• http://pchell.com/support/rootkitremovaltools.shtml