Rootkit Hunter Installation
Dec 22, 2007
I was thinking of getting one of our server admins to install the Rootkit Hunter.
Would this have any effect on our server resources and stability?
I'm trying to be more security minded after a few weeks ago when our server was hijacked, and I don't want to go through this again.
View 1 Replies
Nov 14, 2008
How can I install Rootkit Hunter on CentOS?
And is it different from CHKROOTKIT?
View 5 Replies
Jun 26, 2009
How do I correct it?
Code:
---------------------- Start Rootkit Hunter Scan ----------------------
Warning: Checking for prerequisites [ Warning ]
The file of stored file properties (rkhunter.dat) does not exist, and so must be created. To do this type in 'rkhunter --propupd'.
Warning: WARNING! It is the users responsibility to ensure that when the '--propupd' option
is used, all the files on their system are known to be genuine, and installed from a
reliable source. The rkhunter '--check' option will compare the current file properties
against previously stored values, and report if any values differ. However, rkhunter
cannot determine what has caused the change, that is for the user to do.
One or more warnings have been found while checking the system.
Please check the log file (/var/log/rkhunter/rkhunter.log)
View 2 Replies
Apr 4, 2008
How can I get rootkit hunter to email me the results?
I tried
MAILTO=me@mydomain
0 0 * * * /root/rkhunter-1.3.2/files/rkhunter --cronjob
and
MAILTO=me@mydomain 0 0 * * * /root/rkhunter-1.3.2/files/rkhunter --cronjob
But it is not sending the email; nothing even shows up in my exim_mainlog.
View 2 Replies
Apr 22, 2008
How can I stop the rootkit hunter false positives?
It is alerting on these, on a fresh OS install:
Checking for prerequisites [ Warning ]
/usr/bin/groups [ Warning ]
/usr/bin/ldd [ Warning ]
/usr/bin/whatis [ Warning ]
/sbin/ifdown [ Warning ]
/sbin/ifup [ Warning ]
View 2 Replies
May 19, 2009
2009/05/19 03:15:01 ossec-rootcheck: No rootcheck_files file: './db/rootkit_files.txt'
2009/05/19 03:15:01 ossec-rootcheck: No rootcheck_trojans file: './db/rootkit_trojans.txt'
How can I 'fix' this?
View 3 Replies
Aug 2, 2009
other options over chkrootkit and rkhunter since they are pretty outdated, and so far have found:
Curuncula:
[url]
Unhide:
[url]
View 2 Replies
Jan 21, 2004
What is a rootkit? The following link is a very good read to answer that question.
http://linux.oreillynet.com/pub/a/li...4/rootkit.html
In summary, a rootkit is a trojan installed on your Linux server after someone has broken into it. These files are used to cover the hacker's tracks, and to give the hacker tools to do more dirty work from your server.
Usage:
1. su - (change to root user)
2. mkdir /usr/local/chkrootkit
3. wget ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz
4. tar -xvzf chkrootkit.tar.gz
5. cd chkrootkit*
6. cp * /usr/local/chkrootkit
7. cd /usr/local/chkrootkit
8. make sense
Now scan your system:
1. cd /usr/local/chkrootkit
2. ./chkrootkit
chkrootkit may from time to time give false positives. If you ever get a positive or "infected hit", scan a second time. If you do get a positive hit, google the hit to research the issue and the steps to correct it.
Part 2 - automated chkrootkit, and emailed results.
I'm lazy, and like my server to do the work for me so I have it scan every day, and email me the results.
Usage:
1. vi /etc/cron.daily/chkrootkit
2. add the following code.
Code:
#!/bin/bash
(cd /usr/local/chkrootkit; ./chkrootkit -q 2>&1 | mail -s "Daily chkrootkit scan" you@yourdomain.com)
3. chmod 0755 /etc/cron.daily/chkrootkit
This will email you@yourdomain.com every morning with your chkrootkit results. The -q option will only show you exploits.
Removal:
If you don't like getting the emails or just want to remove this from your server:
1. rm /etc/cron.daily/chkrootkit
2. rm -rf /usr/local/chkrootkit
All files will now be deleted from your server.
View 14 Replies
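One way to apply the post's advice to scan a second time before acting on a hit, as an added example that is not part of the original post: the daily job runs chkrootkit twice and mails only the findings reported by both runs. The function names and the match on the word INFECTED are assumptions; the paths, the mail command and the address are the ones used in the post.

```sh
#!/bin/sh
# Added example, not from the original post. Assumption: a chkrootkit finding
# is a line containing upper-case INFECTED; clean checks say "not infected".
LC_ALL=C; export LC_ALL   # keep sort and comm ordering consistent

# findings: read scan output on stdin, print unique finding lines, sorted.
findings() {
    grep -F 'INFECTED' | sort -u
}

# persistent_findings RUN1 RUN2: print findings present in both output files.
persistent_findings() {
    pf_tmp=$(mktemp -d) || return 1
    findings < "$1" > "$pf_tmp/a"
    findings < "$2" > "$pf_tmp/b"
    comm -12 "$pf_tmp/a" "$pf_tmp/b"
    rm -rf "$pf_tmp"
}

# scan_and_report DIR RECIPIENT: scan twice, mail only repeatable findings.
scan_and_report() {
    [ -x "$1/chkrootkit" ] || return 1
    sr_tmp=$(mktemp -d) || return 1
    ( cd "$1" || exit 1
      ./chkrootkit > "$sr_tmp/1" 2>&1
      ./chkrootkit > "$sr_tmp/2" 2>&1 )
    sr_hits=$(persistent_findings "$sr_tmp/1" "$sr_tmp/2")
    rm -rf "$sr_tmp"
    if [ -n "$sr_hits" ]; then
        printf '%s\n' "$sr_hits" |
            mail -s "chkrootkit findings on $(hostname)" "$2"
    fi
}

# Constructed sample output for two runs (not real scan results).
sample_run1() { cat <<'EOF'
Checking `ls'... not infected
Checking `bindshell'... INFECTED (PORTS: 465)
Checking `lkm'... INFECTED
EOF
}
sample_run2() { cat <<'EOF'
Checking `ls'... not infected
Checking `bindshell'... INFECTED (PORTS: 465)
Checking `lkm'... nothing detected
EOF
}

# Cron usage, with the paths and address from the post:
#   scan_and_report /usr/local/chkrootkit you@yourdomain.com
```

A finding that differs between the two runs (for example a different port list) is not mailed, so keep the full output of each run if you want to review one-off hits.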
Jun 19, 2008
I was following this guide: [url]
It's very nice, but 4 years old. So now I am wondering what is the best rootkit detector, and what is the best firewall for CentOS 5.
View 9 Replies
May 4, 2007
My Windows VPS has come under heavy attack by hackers trying to get through MSFTPSVC for the past month and they finally managed to somehow get in 2 days ago. Somehow, the "Allow anonymous login" setting was selected in my FTP settings and they got in.
They even managed to turn off my firewall. I'm guessing they used a buffer overflow or some other Windows Server 2003 weakness that was fixed in SP2 (too bad SP2 isn't supported by SWSoft yet).
The attacks began less than 1 week after I had signed up with Virpus. I didn't even have my domain name pointing to the server or a site up when the first set of dictionary attacks began. How common is that 0_0 ?
Anyway, since I now know they've gotten in I've run a virus check and everything looks clean but I really want to run some kind of root kit detection software. I've tried everything suggested on the antirootkit website but none of them seem to work on a VPS.
View 10 Replies
Nov 15, 2008
trying to secure my new server that will be opening for shared hosting.
So far I've found:
CHKRootKit, RKHunter, and ClamAV
As for Firewall, I've setup CSF but my question is, what is a good setting for blocking SYN Floods without blocking clients who might be browsing their site and, using DA, and FTP.
In the past I've used:
iptables -A INPUT -p tcp --syn -m limit --limit 1/s --limit-burst 3 -j DROP
iptables -A INPUT -p tcp --syn -m limit --limit 3/s --limit-burst 5 -j DROP
and took down some pretty big attacks, but it was very touchy.
View 0 Replies
Aug 24, 2007
For security purposes, what's best to install?
Feel free to suggest any others.
Server is running cpanel
View 4 Replies
Jun 30, 2007
Possible root kit, what can I do?
Sorry for the long post, but I need some feedback.
One of the main reasons that I went from a windows dedicated server to a VPS was because I had several attacks on my server that cost lots of time and money. The only reason to these attacks was that it has to be a root kit in one of the programs I used on my server.
I have used SolarVPS for over 6 months now, and have used most of the same software I used on my dedicated server. I have not had any attacks or somebody gaining access to my VPS.
Last week I got a new Windows VPS from JaguarPC. I installed the same software as always (I will list the software later) and day two of my new VPS somebody had full access, had created a new admin user, installed Utorrent, downloaded and uploaded over 10 GB of movies and music before I discovered the security issue.
Beside my normal software I had downloaded a free downloadmanager, so I could download my plesk backup files faster than on a single download connection. That was the only other software beside my normal software.
But I never used that download manager on my dedicated server, but the same thing happened there also. A user got full access, created a new admin user for remote desktop, etc. I also use different passwords for the different VPS/DS/hosting plans, but some parts of the main level password are the same.
Last time the user was named support, this time the user was named Dave.
I change passwords often; this year I have changed my password 4-5 times. I have different passwords for different levels on my VPS/servers. One password for Admin, one for Plesk, one for FTP access to my sites, one for e-mail, one for MySQL etc etc.
I have changed OS at home from XP to Vista, and have only installed 100% secure programs at my home computer. I have not installed one free program or any cracks, warez etc. I also use different antivirus and anti spyware software at home. So the problem can most likely not be at my home computers.
My current software I use on my VPS’s are: (I have some more, but that was the software I used on new VPS)
WinRar 3.61 from [url]
Bandwidth monitor Pro from [url]
Weblog Expert 4.1 from [url]
And the only software I don’t use on my VPS at SolarVPS:
Free Download Manager from [url]
The strange thing is that last time, over 6-7 months ago when I had all the problems with my dedicated server, I traced the IP the hackers had used to login to my DS to Germany.
This time on my new VPS the person has to be from Germany or a country where they speak German. The mp3s and the movies were almost all in German.
My plan for the future:
I think I will buy a new VPS plan to test my software. Install one and one software, and see when somebody get access to my VPS. I have to use a provider that offer free OS reloads, so I can reload the OS after I have tested one and one of my programs.
Does anybody know about any companies that allow me to get free OS reloads and provide a Windows 2003 server?
Or will the backup function in VZPP work as OS reload if I take a backup of my new clean VPS and then install software. If it is a rootkit, and I restore, will the rootkit go away? If yes, I can use all providers with VZPP.
And do I have to tell the company what I have planned to do? A rootkit on my VPS will not affect other VPS, so they can get the same rootkit, or the main server?
View 3 Replies
May 26, 2007
I have just started working through the book Build Your Own Database Driven Website Using PHP & MYSQL, and in the installation section I am required to find a file called php5isapi.dll for the IIS, but I have downloaded the latest version of PHP - PHP 5.2.2 and I cannot find this file...
View 1 Replies
Dec 26, 2007
I got the following message after creating my test php script. Can someone explain what
I need to change? I am computer literate, but no techie!
<p>This PHP CGI binary was compiled with force-cgi-redirect enabled. This
means that a page will only be served up if the REDIRECT_STATUS CGI variable is
set, e.g. via an Apache Action directive.</p>
<p>For more information as to <i>why</i> this behaviour exists, see the <a href=[url]>manual page for CGI security</a>.</p>
<p>For more information about changing this behaviour or re-enabling this webserver,
consult the installation file that came with this distribution, or visit
<a href="[url]
View 4 Replies
Apr 19, 2009
I was wondering if there was anyone out there that could do an ffmpeg, flvtool2, mencoder installation on my CentOS 5.2 VPS for $10. I need it to be able to run phpmotion / youtube clone scripts...
View 8 Replies
Oct 26, 2009
I purchased an EV SSL Cert, and all is fine. Installed via cPanel, and I get the green address bar in Firefox, but not in IE.
Comodo (the vendor) have an Auto-Enhancer feature which automatically tells IE to give me a green bar. They state in their FAQ the following instructions to install the feature:
Replace the bundle file that is in use for the web site.
Use the 'SSLCertificateChainFile' directive instead of the 'SSLCACertificateFile'/'SSLCACertificatePath' directives.
I have downloaded a .CA-BUNDLE file from them.
Please tell me, now what do I do? I am at a loss at their instructions, and going by my dealings with them, I think I can get help from you guys more accurately and quickly.
The server runs WHM/cPanel 11 with Apache 2 with mod_ssl. Full root access, but I am a Linux newbie.
View 0 Replies
May 26, 2009
Has anyone got the steps to install this on CentOS 5? I have got it for CentOS 4, but CentOS 5 is having issues
/usr/lib/gcc/x86_64-redhat-linux/4.1.2/../../../../lib64/libxslt.so: undefined reference to `xmlXPathContextSetCache'
collect2: ld returned 1 exit status
make[3]: *** [icecast] Error 1
make[3]: Leaving directory `/usr/src/redhat/BUILD/icecast-2.3.1/src'
make[2]: *** [all-recursive] Error 1
make[2]: Leaving directory `/usr/src/redhat/BUILD/icecast-2.3.1/src'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/usr/src/redhat/BUILD/icecast-2.3.1'
make: *** [all] Error 2
error: Bad exit status from /var/tmp/rpm-tmp.1366 (%build)
View 1 Replies
Feb 18, 2009
What do people mean by professional installation? For example, if I have a forum professionally installed, could I expect this to be with phpmyadmin and apache and the mod_rewrite, or are these more custom aspects?
View 5 Replies
Jun 19, 2009
I need to install a video script on my server and for this I need following addons on my server, how I can install these...
# mbstring [url]
# FFmpeg [url]
# Mplayer + Mencoder [url]
# Flvtool2 [url]
# Libogg + Libvorbis [url]
# LAME MP3 Encoder ([url]
I am using linux server with CPanel.
View 10 Replies
Jun 18, 2009
I have installed nagios 3.06 on my CentOS server. Does anybody know the steps to configure this nagios to check my other servers?
View 9 Replies
Mar 8, 2009
I have WAMP 2.0 installed on my Windows Vista. WAMP has released a new version: 2.0G. I've just downloaded it and I'm wondering if I could just run the installer or do I have to uninstall my current WAMP and only then install the latest version?
View 1 Replies
Jul 6, 2009
Anyone successfully install vePortal yet?
View 5 Replies
Apr 19, 2009
We wanted to put up a nagios server for monitoring around 9 - 12 servers and couldn't find any real specs on what kind of machines are required for nagios.
Any leads on what kind of machines would do? My concern was the RAM requirement - if nagios works well on low end machines, it may make sense for us to host it on some VPS.
Wanted to check in with people who run nagios installations and their experiences.
View 14 Replies
Feb 25, 2008
We are having problem with installing mod_evasive on our server. We tried installing it on our Virtual Machine that runs Fedora 7 (on our server, we have Fedora core 5), and on Virtual Machine it is fine, we can compile it and put it in our Apache2 conf file.
However, when we try
[root@ mod_evasive]# /usr/local/psa/admin/bin/apxs -i -a -c mod_evasive20.c
on the server, we get a
[root@ mod_evasive]# /usr/local/psa/admin/bin/apxs -i -a -c mod_evasive20.c
gcc -DHARD_SERVER_LIMIT=512 -DDEFAULT_PATH="/usr/local/psa/admin/bin:/bin:/usr/bin" -DLINUX=22 -DTARGET="httpsd" -DHAVE_SET_DUMPABLE -DNO_DBM_REWRITEMAP -DMOD_SSL=208122 -DEAPI -O -pipe -I/usr/include -O3 -fexpensive-optimizations -fstrength-reduce -pipe -DPLESK_Linux -I/home/builder/buildbot/psa-8.2.1-bfc7/build/plesk/lib/dist/include/libxml2 -W -Wall -DPLESK_Linux -I/home/builder/buildbot/psa-8.2.1-bfc7/build/plesk/plesk-utils/include -DBSG_CR -DBSG_MSG -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -DHAS_RPM -DUSE_SLEEP_ON_IDLE -Wno-unused-parameter -fpic -DSHARED_MODULE -I/usr/local/psa/admin/include -c mod_evasive20.c ....
View 1 Replies
Apr 23, 2008
Can this be interpreted as malware? (Proceed with the following steps with caution.)
After visiting miniclip.com/games/super-gerball/en/ without me clicking on anything and confirming that I want to install a game, a new folder is created in my Windows Start Menu and in a Documents and Settings folder.
Although I believe no harm is actually done with this installation, can an attacker use this method to install malware? How can I prevent this, what options should I change in my Firefox browser?
View 3 Replies
Jun 7, 2008
I am unable to install PHPShield by using the known ways. How do I install it?
- php version is; 5.2.6
- apache version is; 2.0
PHP 5.2.6 (cli) (built: Jun 5 2008 19:44:20)
Copyright (c) 1997-2008 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2008 Zend Technologies
with eAccelerator v0.9.5.3, Copyright (c) 2004-2006 eAccelerator, by eAccelerator
with the ionCube PHP Loader v3.1.32, Copyright (c) 2002-2007, by ionCube Ltd., and
with Zend Extension Manager v1.2.2, Copyright (c) 2003-2007, by Zend Technologies
with Zend Optimizer v3.3.3, Copyright (c) 1998-2007, by Zend Technologies
View 2 Replies
Apr 10, 2008
I was installing GCC and I followed the steps below and got the error. Can anyone tell me what the error is?
I downloaded gcc-4.3.0
ftp://ftp.gnu.org/gnu/gcc/gcc-4.3.0/gcc-4.3.0.tar.bz2
from [url]
/usr/local/gcc/gcc-3.4.4/configure
--prefix=/opt/gcc34
--program-suffix=12
--enable-languages=c,c++
Error below!
checking build system type... i686-pc-linux-gnu
checking host system type... i686-pc-linux-gnu
checking target system type... i686-pc-linux-gnu
checking for a BSD-compatible install... /usr/bin/install -c
checking whether ln works... yes
checking whether ln -s works... yes
checking for gcc... no
checking for cc... no
checking for cc... no
checking for cl... no
configure: error: no acceptable C compiler found in $PATH
See `config.log' for more details.
View 7 Replies
Apr 25, 2008
to install IonCube on my server so iPanel will work. When I go to install IonCube, I need to edit an extension called zend_extension. I attempt to edit this by following the directions very carefully, going to my php.ini folder and editing it. I press Ctrl + W, which is a search option in pico, type in zend_extension, and there is nothing found. If somebody could please help me, please do. Maybe even install IonCube and iPanel for me, I will send $10.00 via PayPal.
Operating System: CentOs 4
Processor: 3.2 Ghz HT P4 (2 cpus)
Memory: 1 Gigabytes
Harddrive: 80 Gig
Control Panel: cPanel
trying to install iPanel which works with cPanel hand in hand so that is not the issue. iPanel is a billing system like WHMCS or Clientexec.
View 2 Replies
Jun 10, 2008
I am trying to uninstall CPGA on my VPS and each time I get an error. I have tried everything I know to fix it but it still insists on giving me the error.
Error 1
Connection with Remote Server (77.235.43.67) Failed
Error 2
Can not connect to remote socket.
IO::Socket::INET configuration failederror:00000000:lib(0):func(0):reason(0)
This can caused by a few things:
The cPGSD server is not running on 77.235.43.67:2092
There is a firewall blocking access to 77.235.43.67:2092
77.235.43.67 is not the right IP and/or 2092 is not the right port
Solar Flares (Please contact support to investigate)
View 4 Replies
Nov 11, 2008
Anyone have a complete tutorial from start to finish on installing spamd as an SMTP relay server/gateway? I'm looking for some good documentation on this; all I can find is just the spamd install guide but that's it. I'm not even sure if I need postfix etc on the machine to run, I have no idea.
1. what are the requirements
2. how to install and compile spamd
3. how to configure your mail servers to accept only mail from smtp relay and setup your mx records accordingly.
View 0 Replies