In Rootkit Hunter Scan
Jun 26, 2009
how to correct it?
Code:
---------------------- Start Rootkit Hunter Scan ----------------------
Warning: Checking for prerequisites [ Warning ]
The file of stored file properties (rkhunter.dat) does not exist, and so must be created. To do this type in 'rkhunter --propupd'.
Warning: WARNING! It is the users responsibility to ensure that when the '--propupd' option
is used, all the files on their system are known to be genuine, and installed from a
reliable source. The rkhunter '--check' option will compare the current file properties
against previously stored values, and report if any values differ. However, rkhunter
cannot determine what has caused the change, that is for the user to do.
One or more warnings have been found while checking the system.
Please check the log file (/var/log/rkhunter/rkhunter.log)
View 2 Replies
ADVERTISEMENT
Nov 14, 2008
how i can install rootkit hunter on centOs?
and is it different with CHKROOTKIT?
View 5 Replies
View Related
Dec 22, 2007
I was thinking of getting one of our server admins to install the Rootkit Hunter.
Would this have any effect on our server resources and stability.
Im trying to be more security minded after afew weeks ago when our server was hijacked, and I dont want to go through this again.
View 1 Replies
View Related
Apr 4, 2008
How can I get rootkit hunter to email me the results?
I tried
MAILTO=me@mydomain
0 0 * * * /root/rkhunter-1.3.2/files/rkhunter --cronjob
and
MAILTO=me@mydomain 0 0 * * * /root/rkhunter-1.3.2/files/rkhunter --cronjob
But it is not sending the email, nothing even show up in my exim_mainlog.
View 2 Replies
View Related
Apr 22, 2008
How can I stop the rootkit hunter false positives?
It is alerting on these, on a fresh OS install:
Checking for prerequisites [ Warning ]
/usr/bin/groups [ Warning ]
/usr/bin/ldd [ Warning ]
/usr/bin/whatis [ Warning ]
/sbin/ifdown [ Warning ]
/sbin/ifup [ Warning ]
View 2 Replies
View Related
Jan 21, 2004
What is a rootkit? The following link is a very good read to answer that question.
http://linux.oreillynet.com/pub/a/li...4/rootkit.html
In Summary, a rootkit is a trojan installed on your Linux server after someone has broken into it. These files are used to cover the hackers tracks, and to give the hacker tools to do more dirty work from your server.
Usage:
1. su - (change to root user)
2. mkdir /usr/local/chkrootkit
3. wget ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz
4. tar -xvzf chkrootkit.tar.gz
5. cd chkrootkit*
6. cp * /usr/local/chkrootkit
7. cd /usr/local/chkrootkit
8. make sense
Now scan your system:
1. cd /usr/local/chkrootkit
2. ./chkrootkit
chkrootkit may from time to time give false positives. If you ever get a positive or "infected hit" scan a second time. If you do get a positive hit, google the hit to research the issue and steps to correct.
Part 2 - automated chkrootkit, and emailed results.
I'm lazy, and like my server to do the work for me so I have it scan every day, and email me the results.
Usage:
1. vi /etc/cron.daily/chkrootkit
2. add the following code.
Code:
#!/bin/bash
(cd /usr/local/chkrootkit; ./chkrootkit -q 2>&1 | mail -s "Daily chkrootkt scan" you@yourdomain.com)
3. chmod 0755 /etc/cron.daily/chkrootkit
This will email you@yourdomain.com every morning with your chkrootkit results. the -q option will only show you exploits.
Removal:
If you don't like getting the emails or just want to remove this from your server:
1. rm /etc/cron.daily/chkrootkit
2. rm -rf /usr/local/chkrootkit
All files will now be deleted from your server.
View 14 Replies
View Related
May 19, 2009
2009/05/19 03:15:01 ossec-rootcheck: No rootcheck_files file: './db/rootkit_files.txt'
2009/05/19 03:15:01 ossec-rootcheck: No rootcheck_trojans file: './db/rootkit_trojans.txt'
How can i 'fix' this?
View 3 Replies
View Related
Aug 2, 2009
other options over chkrootkit and rkhunter since they are pretty outdated, and so far have found:
Curuncula:
[url]
Unhide:
[url]
View 2 Replies
View Related
Jun 19, 2008
I was following this guide: url]
It's very nice but, 4 years old. So now I am wondering what is best rookit detector, and what is best firewall for centOS 5.
View 9 Replies
View Related
May 4, 2007
My Windows VPS has come under heavy attack by hackers trying to get through MSFTPSVC for the past month and they finally managed to somehow get in 2 days ago. Somehow, the "Allow anonymous login" setting was selected in my FTP settings and they got in.
They even managed to turn off my firewall. I guessing they used a buffer overflow or some other Windows Server 2003 weakness that was fixed in SP2 (too bad SP2 is'nt supported by SWSoft yet).
The attacks began less than 1 week after I had signed up with Virpus. I did'nt even have my domain name pointing to the server or a site up when the first set of dictionary attacks began. How common is that 0_0 ?
Anyway, since I now know they've gotten in I've run a virus check and everything looks clean but I really want to run some kind of root kit detection software. I've tried everything suggested on the antirootkit website but none of them seem to work on a VPS.
View 10 Replies
View Related
Nov 15, 2008
trying to secure my new server that will be opening for shared hosting.
So far I've found:
CHKRootKit, RKHunter, and ClamAV
As for Firewall, I've setup CSF but my question is, what is a good setting for blocking SYN Floods without blocking clients who might be browsing their site and, using DA, and FTP.
In the past I've used:
iptables -A INPUT -p tcp --syn -m limit --limit 1/s --limit-burst 3 -j DROP
iptables -A INPUT -p tcp --syn -m limit --limit 3/s --limit-burst 5 -j DROP
and took down some pretty big attacks, but it was very touchy.
View 0 Replies
View Related
Aug 24, 2007
For securities purposes whats best to install?
Feel free to suggest any others.
Server is running cpanel
View 4 Replies
View Related
Jun 2, 2009
We have a client claming that she gets a Trojan warming when she trys to access her website but using the Trojan scan in cpanel doesn't show anything.
What can we use to scan for Trojan?
View 5 Replies
View Related
Mar 2, 2007
Is this possible we can scan virus on the account on server?
View 1 Replies
View Related
Jun 14, 2008
Is it advisable to have someone scan your server setup, ie the firewall? If so, what is used to scan the firewall?
View 13 Replies
View Related
May 4, 2008
What's the best way to do a daily check for xss scripts injected into php and html files on a linux box?
I am referring to stuff like framer.z
[url]
which essentially has a telltail signature of
<script>eval(unescape("%77%69...
Is there anything for linux that keeps up with those kinds of script signatures?
I doubt CSF or Clam looks for that kind of stuff, right?
View 3 Replies
View Related
Oct 1, 2008
to install secuity patches for each VPS hosted on single host or appling it to host running multiple VPS is enough.
Does same applies to firewall related software..Use it for individual VPS on single host?
View 1 Replies
View Related
May 20, 2008
i have server and i want to do shell scan and delete the shell
View 4 Replies
View Related
May 2, 2007
I am not much familiar with windows server scan. How can I do full scan on the server? I want to make sure that server is secure.
View 3 Replies
View Related
Jun 30, 2007
Possible root kit, what can I do?
Sorry for the long post, but I need some feedback.
One of the main reasons that I went from a windows dedicated server to a VPS was because I had several attacks on my server that cost lots of time and money. The only reason to these attacks was that it has to be a root kit in one of the programs I used on my server.
I have used SolarVPS for over 6 months now, and have used most of the same software I used on my dedicated server. I have not had any attacks or somebody gaining access to my VPS.
Last week I got a new Windows VPS from JaguarPC. I installed the same software as always (I will list the software later) and day two of my new VPS somebody had full access, had created a new admin user, installed Utorrent, downloaded and uploaded over 10 GB of movies and music before I discovered the security issue.
Beside my normal software I had downloaded a free downloadmanager, so I could download my plesk backup files faster than on a single download connection. That was the only other software beside my normal software.
But I never used that download manager on my dedicated server, but the same thing happened there also. A user got full access, created a new admin user for remote desktop, etc. I also use different password for the different VPS/DS/hosting plans, but some parts of the main level password is the same.
Last time the user was names support, this time the user was named Dave
I change password often, this year I have changed my password 4-5 times. I have different password for different levels on my VPS/servers. On password for Admin, one for Plesk, one for FTP access to my sites, one for e-mail, one for MySQL etc etc.
I have changed OS at home from XP to Vista, and have only installed 100% secure programs at my home computer. I have not installed one free program or any cracks, warez etc. I also use different antivirus and anti spyware software at home. So the problem can most likely not be at my home computers.
My current software I use on my VPS’s are: (I have some more, but that was the software I used on new VPS)
WinRar 3.61 from [url]
Bandwidth monitor Pro from [url]
Weblog Expert 4.1 from [url]
And the only software I don’t use on my VPS at SolarVPS:
Free Download Manager from [url]
The strange thing is that last time, over 6-7 months ago when I had all the problems with my dedicated server, I traced the IP the hackers had used to login to my DS to Germany.
This time on my new VPS the person has to be from Germany or on country they speak German. The mp3s and the movies where almost all in German.
My plan for the future:
I think I will buy a new VPS plan to test my software. Install one and one software, and see when somebody get access to my VPS. I have to use a provider that offer free OS reloads, so I can reload the OS after I have tested one and one of my programs.
Do anybody know about any companies that allow me to get free OS reloads and provide a Windows 2003 server?
Or will the backup function in VZPP work as OS reload if I take a backup of my new clean VPS and then install software. If it is a rootkit, and I restore, will the rootkit go away? If yes, I can use all providers with VZPP.
And do I have to tell the company what I have planned to do? A rootkit on my VPS will not affect other VPS, so they can get the same rootkit, or the main server?
View 3 Replies
View Related
Dec 14, 2008
Any body knows of free server security scan for my dedicated?
View 4 Replies
View Related
Apr 14, 2007
[url]
[url]
One of my users posted this in the forum saying my server is scanning his computer. His this serious? Do I have virus? Should i be worried? Well i am kinda worried. I tried googling it, but i can't seem to figure the right keywords for a good result.
View 4 Replies
View Related
Apr 1, 2015
So I have a client using Wordpress 3.6, so the scan does little good.
I update the Wordpress to 4.1.1 and do the Scan again. Plesk cannot find the updated install of WP still?
View 5 Replies
View Related