Checking `bindshell'... INFECTED (PORTS: 465)
Checking `lkm'... You have 1 process hidden for ps command
chkproc: Warning: Possible LKM Trojan installed
I just tried to install it, but as in the title I get this error:
./chkrootkit.sh: line 2: cd: /downloads/chkrootkit-0.48/: No such file or directory
./chkrootkit.sh: line 3: ./chkrootkit: No such file or directory
I edited it (pico /etc/cron.daily/chkrootkit.sh) and set it to:
#!/bin/bash
cd /downloads/chkrootkit-0.48/
./chkrootkit | mail -s "Daily chkrootkit from Servername" ****@****.com
Then I tried to test it with:
cd /etc/cron.daily/
./chkrootkit.sh
and it gives me this error:
./chkrootkit.sh: line 2: cd: /downloads/chkrootkit-0.48/: No such file or directory
./chkrootkit.sh: line 3: ./chkrootkit: No such file or directory
I am trying hard to understand how everything works. I just finished installing my CentOS 5.2 OS and need to install Apache + MySQL + PHP/Perl.
Also, I downloaded the Apache file and tried to install it, but from what I understood it has to be done by giving a command via the Bash shell, so I downloaded the bash shell file. How and where do I enter the commands for installing these applications?
I have performed chkrootkit and got the following results. It suggests that there are a lot of problems. How would I get rid of these?
Checking `lsof'... not infected
Checking `mail'... not infected
Checking `mingetty'... not infected
Checking `netstat'... not infected
Checking `named'... not infected
Checking `passwd'... not infected
Checking `pidof'... not infected
Checking `pop2'... not found
Checking `pop3'... not found
Checking `ps'... not infected
Checking `pstree'... not infected
Checking `rpcinfo'... not infected
Checking `rlogind'... not found
Checking `rshd'... not found
Checking `slogin'... not infected
Checking `sendmail'... not infected
Checking `sshd'... not infected
Checking `syslogd'... not infected
Checking `tar'... not infected
Checking `tcpd'... not infected
Checking `tcpdump'... not infected
Checking `top'... not infected
Checking `telnetd'... not infected
Checking `timed'... not found
Checking `traceroute'... not infected
Checking `vdir'... not infected
Checking `w'... not infected
Checking `write'... not infected
Checking `aliens'... no suspect files
Searching for sniffer's logs, it may take a while... nothing found
Searching for HiDrootkit's default dir... nothing found
Searching for t0rn's default files and dirs... nothing found
Searching for t0rn's v8 defaults... nothing found
Searching for Lion Worm default files and dirs... nothing found
Searching for RSHA's default files and dir... nothing found
Searching for RH-Sharpe's default files... nothing found
Searching for Ambient's rootkit (ark) default files and dirs... nothing found
Searching for suspicious files and dirs, it may take a while...
I've honestly never had to worry about protecting myself from exploits until this week, when I found out somebody gained access to the server using an old script on an old account (teach me to delete client accounts when they leave me, it did!)
I'm working on a new server and going through lots of posts on better securing it, and two things that are suggested are installing chkrootkit and rkhunter, and adding them to the daily cron jobs. I learned how to install and set up the daily script for chkrootkit, but here's what I'd like to do that I'm not sure how to go about: I'd like to a) be notified ONLY if there are changes in the daily scans (especially since there are a couple of false positives I'm aware of) and b) be e-mailed a full report once a week, whether or not there were any changes.
I've got rkhunter installed as well, but I can't seem to find a script that will properly execute it and e-mail it to me. Does anybody have one that works? I'd also like to only get an e-mail if there are changes, except for a once weekly scan result.
Checking `sniffer'... eth0: not promisc and no PF_PACKET sockets
eth1: not promisc and no PF_PACKET sockets
eth1:1: not promisc and no PF_PACKET sockets
eth1:2: not promisc and no PF_PACKET sockets
eth1:3: not promisc and no PF_PACKET sockets
eth1:4: not promisc and no PF_PACKET sockets
How can I do a search for all files (probably using regex) with names consisting purely of numbers?
For example, find:
53243.php
24353.php
24098.php
(always have 5 numbers).
It seems one of my accounts has had some script run which generated a bunch of these in various subfolders, and the PHP file basically does a callback to www3.rssnews.ws and www3.xmldata.info, which seem to be some sort of spyware servers.
I want to allow a user to run a few processes on a machine (Debian etch).
I configured limits in /etc/security/limits.conf for group "shell".
When I added the user to group shell, the limits work well, but he can still look everywhere on the system (he can do cat /home/somefile.txt, even if it is owned by root).
Is there any method or software to limit users to accessing only their home directories?
I'm having a problem connecting to SSH/Shell on my server. I get the login prompt, but when I enter the user/pass I just get "SSH-2.0-OpenSSH_3.6.1p2", and everything under that is blank.
I've restarted the SSH server and made sure the account I was using was set to use Normal Shell (not jailed). What could be the problem?
I was wondering if it is possible to chmod a directory that is set to a low number to 777 using a shell or command, and if so, can anyone point me in the right direction as to how to go about doing so? I am trying to learn a little and I prefer using my browser to edit files rather than an FTP client.
I was just wondering if anyone is aware of Linux VPS or shell account providers with servers that are physically located in Pennsylvania. The only two I've come across so far are Nocster and VPS Village.
I have a script that needs to be run from shell access, but I've never done this before. How do you access a script through shell? Is there software I need to download? Not even sure where to begin.
One of our customers uploaded a C99Shell script to my server, and he can access other accounts. I upgraded PHP to 5, but he can still access other accounts with this script. What should I do to disable this script or another one like it?
We have a customer who has an account on our *nix box server and who wants to move to our H-Sphere reseller platform because he now wants to use ASP and MSSQL.
If it were a .com domain, for example, I would be able to easily change NS1 and NS2, but since this is a ccTLD (and we will wait 10-15 days) I need a quick solution for DNS forwarding.
I have never used SSH/Shell Access, but think I may want to. Can someone explain what it is, and maybe explain how to use it? My web hosting provider provides SSH, but I have no clue what to do.
I've enabled SSH for one of my accounts in WHM, so I went to the cPanel of this account and tried the SSH/Shell Access, but what I got is:
For security reasons, shell access is not enabled by default. In order to activate shell access on your account, you will need to fax or mail a copy of your driver's license, passport or other photo id to customer service.
Is this something about an SSH key? Do I have to generate a key so I can use the SSH/Shell Access?
On a VPS I am using, I was astonished to see that when I log in through SSH to a WHM account, I can go right up to the VPS system directories, do an ls, read the files, etc. The user is able to get into all the VPS directories, except root.
It's fine in FTP. Although I can see the link to the directory above home, clicking on it does not take the user to those directories.
When I ask my service provider, they say, "Yes, this is normal behavior. The users will still be able to move into the other users' home directories but they will not be able to write to the files or open them".
It seems to me this isn't a good situation. How can I prevent shell users from going beyond their home directories? Is implementing a jailed shell a good option? Can I use this feature that is readily available in WHM?