Checking `sniffer'... eth0: not promisc and no PF_PACKET sockets
eth1: not promisc and no PF_PACKET sockets
eth1:1: not promisc and no PF_PACKET sockets
eth1:2: not promisc and no PF_PACKET sockets
eth1:3: not promisc and no PF_PACKET sockets
eth1:4: not promisc and no PF_PACKET sockets
Anything I should be worried about?
I just try install
but as title I have this error
./chkrootkit.sh: line 2: cd: /downloads/chkrootkit-0.48/: No such file or directory
./chkrootkit.sh: line 3: ./chkrootkit: No such file or directory
I’m edite
pico /etc/cron.daily/chkrootkit.sh
and set it to
#!/bin/bash
cd /downloads/chkrootkit-0.48/
./chkrootkit | mail -s "Daily chkrootkit from Servername" ****@****.com
then I try make test by
cd /etc/cron.daily/
./chkrootkit.sh
and it give me this error
./chkrootkit.sh: line 2: cd: /downloads/chkrootkit-0.48/: No such file or directory .
./chkrootkit.sh: line 3: ./chkrootkit: No such file or directory
some of our customers have some problems using socket!
when they want to work with sockets , if the data that is requested in socket would be high ( for example 10Kb) it shows time out and the connection fails. but if the data amount is low (like 1KB) the task would be accomplished.
should I do any special configuration?
i install it is for what? how may i use of it?
View 5 Replies View RelatedI did do a search of the forum and it showed a few results, mostly non UK and some which were no longer online.
Now I'll make my own topic doh.
What I am looking for is a host which allows UDP + TCP sockets(fsockopen) so I can query gameservers from my hosting + send other commands to other programs.
Must be located in the UK and be fast
Offering a reseller option is a plus, but not required.
A potential client asked us the followingo you allow PHP to open sockets on your server? If yes, is there any restriction on the amount of data that can be downloaded?
Will we be able to access and load our remote webpage using PHP? We will use sockets and a Pear library to accomplish this.
We are basically planning on using some content from our remote site on the new site which will be hosted on your servers. Kindly reply back at the earliest.
Is this a potential spammer?
I had never experienced a server other then a dedicated. I decided to use a VPS. I have migrated a few of my accounts on the VPS.
I am experiencing alot of problems. The server keeps running out of sockets. The provider as increase the sockets limits to the maximum.
At first they told me that platinum management had installed some script while hardening the server that was causing the services to stop responding because too many sockets were used.
I agreed to them rebuilding the VPs, them doing the hardening.
Now, same problem. Too many sockets. Every 6 hours I have to open a ticket and ask to do something so that my server becomes functionnal again.
Now they say that it must be a script I am using on the server. I ask them to track that script, and they say the cannot I must list all active script on server.
Now, Im already a bit upset because their definition of fully managed is not what I have come to expect with other provider. For them being fully managed is they will do anything I ask but wont do any proactive task. Even restart the server when it has failed. On top of that, their control panel is not half working and always gives 404 or jams my computer. So Im in the dark, because ssh is not accessible.
I am asking, how can I verify if the node im on is Oversold?
Is their a way to track sockets usage?
which of the is better?
CHKROOTKIT or RKHunter?
i want to install and run it via ssh.
I have performed chkrootkit and got the following results. It suggests that there are a lot of problems. how would i get rid of these?
Checking `lsof'... not infected
Checking `mail'... not infected
Checking `mingetty'... not infected
Checking `netstat'... not infected
Checking `named'... not infected
Checking `passwd'... not infected
Checking `pidof'... not infected
Checking `pop2'... not found
Checking `pop3'... not found
Checking `ps'... not infected
Checking `pstree'... not infected
Checking `rpcinfo'... not infected
Checking `rlogind'... not found
Checking `rshd'... not found
Checking `slogin'... not infected
Checking `sendmail'... not infected
Checking `sshd'... not infected
Checking `syslogd'... not infected
Checking `tar'... not infected
Checking `tcpd'... not infected
Checking `tcpdump'... not infected
Checking `top'... not infected
Checking `telnetd'... not infected
Checking `timed'... not found
Checking `traceroute'... not infected
Checking `vdir'... not infected
Checking `w'... not infected
Checking `write'... not infected
Checking `aliens'... no suspect files
Searching for sniffer's logs, it may take a while... nothing found
Searching for HiDrootkit's default dir... nothing found
Searching for t0rn's default files and dirs... nothing found
Searching for t0rn's v8 defaults... nothing found
Searching for Lion Worm default files and dirs... nothing found
Searching for RSHA's default files and dir... nothing found
Searching for RH-Sharpe's default files... nothing found
Searching for Ambient's rootkit (ark) default files and dirs... nothing found
Searching for suspicious files and dirs, it may take a while...
I've honestly never had to worry about protecting myself from exploits until this week, when I found out somebody agined access t othe server using an old script on an old account (teach me to delete client accounts when they leave me, it did!)
I'm working on a new server and going through lots of posts on better securing it, and two things that are suggested is installing chkrootkit and rkhunter, and adding them to the daily cron jobs. Learned how to install and set up the daily script for chkrootkit, but here's what I'd like to do that I'm not sure how to go about, I'd like to a) be notified ONLY if there are changes in the daily scans (especially since there are a couple of false positives I'm aware of) and b) be e-mailed a full report once a week, whether or not there were any changes.
I've got rkhunter installed as well, but I can't seem to find a script that will properly execute it and e-mail it to me. Does anybody have one that works? I'd also like to only get an e-mail if there are changes, except for a once weekly scan result.
A couple days ago, I installed Rkhunter 1.3.0. I updated it, ran it, and put in my my crontab.root
30 23 * * * /usr/local/bin/rkhunter --cronjob > /dev/null
I just finished installing chkrootkit 0.48. I ran it and everything seems fine.
Is there a way to run this as a service?? I ask because in my VPS control panel, the security check still shows that Chkrootkit isn't installed.
Do I put it in the crontab.root file, or does it run as a service?
Also... Does it do the same thing as Rkhunter, or should I have them both installed?
I have following error when try to install chkrootkit-0.48 on server:
[root@m5088 chkrootkit-0.48]# make sense
gcc -DHAVE_LASTLOG_H -o chklastlog chklastlog.c
make: gcc: Command not found
make: *** [chklastlog] Error 127
How can resolve this issue?
I have two whm cpanel servers on one provider and they both reporting same
error when i click on phpmyadmin on whm:
#2002 - The server is not responding (or the local MySQL server's socket is not correctly configured)
I know that port 80 is reserved for HTTP communication to clients on the apache server,and that the client can receive the HTTP response to any port on the client machine, I think there might be more details to it than this. I am required to describe how client and server sockets are used for the client/server communication between an Apache Web server and Web client processes.
View 1 Replies View Relatedi use those 2 programs for scanning for rootkit programs.
are there any free programs for windows?
shkrootkit sent one e-mail
Checking `bindshell'... INFECTED (PORTS: 465)
Checking `lkm'... You have 1 process hidden for ps command
chkproc: Warning: Possible LKM Trojan installed
what means?
TCP 67.228.85.130:2848 212.158.153.66:4925 ESTABLISHED
TCP 67.228.85.130:2848 212.158.153.66:4926 ESTABLISHED
TCP 67.228.85.130:2848 212.158.153.66:4929 ESTABLISHED
TCP 67.228.85.130:2848 212.158.153.66:4930 ESTABLISHED
there are 5000's of 212.158.153.66 connecting to 67.228.85.130:2848
how to limit 212.158.153.66 to like max of 30 connecting to 67.228.85.130:2848
How to install PHP (v.5.3+) compatible with Plesk v.12.08 with support for sockets and pthreads, mysql and etc. for Centos 6.5 (I have some configuring options).
Should I build it or there are another options provided by Plesk panel?
I need only one PHP (not multiple releases) but fine working if possible.