Daily Chkrootkit Find Shell
Aug 26, 2007
chkrootkit sent one e-mail
Checking `bindshell'... INFECTED (PORTS: 465)
Checking `lkm'... You have 1 process hidden for ps command
chkproc: Warning: Possible LKM Trojan installed
What does this mean?
Aug 6, 2008
I just tried to install it,
but as in the title, I get this error
./chkrootkit.sh: line 2: cd: /downloads/chkrootkit-0.48/: No such file or directory
./chkrootkit.sh: line 3: ./chkrootkit: No such file or directory
I edited
pico /etc/cron.daily/chkrootkit.sh
and set it to
#!/bin/bash
cd /downloads/chkrootkit-0.48/
./chkrootkit | mail -s "Daily chkrootkit from Servername" ****@****.com
Then I tried to test it with
cd /etc/cron.daily/
./chkrootkit.sh
and it gives me this error
./chkrootkit.sh: line 2: cd: /downloads/chkrootkit-0.48/: No such file or directory .
./chkrootkit.sh: line 3: ./chkrootkit: No such file or directory
Oct 9, 2007
How can I find a shell on my server?
Is there a program that finds them?
My server is Linux / CentOS / cPanel control panel.
How can I disable shells on my server
and stop defacement?
Jul 31, 2008
Anyone know where I can find shell hosting in Atlanta?
Jun 9, 2008
I am trying hard to understand how everything works. I just finished installing my CentOS 5.2 OS and need to install Apache + MySQL + PHP/Perl.
Also, I downloaded the Apache file and tried to install it, but from what I understood it has to be done by giving a command via the Bash shell, so I downloaded the Bash shell file. How and where do I enter the commands for installing these applications?
Aug 13, 2007
I installed it. What is it for? How may I use it?
Jul 8, 2008
Does anyone know how to change a jail shell to a normal shell?
Jul 29, 2009
Which of these is better,
chkrootkit or rkhunter?
I want to install and run it via SSH.
Jan 7, 2009
I have run chkrootkit and got the following results. It suggests that there are a lot of problems. How would I get rid of these?
Checking `lsof'... not infected
Checking `mail'... not infected
Checking `mingetty'... not infected
Checking `netstat'... not infected
Checking `named'... not infected
Checking `passwd'... not infected
Checking `pidof'... not infected
Checking `pop2'... not found
Checking `pop3'... not found
Checking `ps'... not infected
Checking `pstree'... not infected
Checking `rpcinfo'... not infected
Checking `rlogind'... not found
Checking `rshd'... not found
Checking `slogin'... not infected
Checking `sendmail'... not infected
Checking `sshd'... not infected
Checking `syslogd'... not infected
Checking `tar'... not infected
Checking `tcpd'... not infected
Checking `tcpdump'... not infected
Checking `top'... not infected
Checking `telnetd'... not infected
Checking `timed'... not found
Checking `traceroute'... not infected
Checking `vdir'... not infected
Checking `w'... not infected
Checking `write'... not infected
Checking `aliens'... no suspect files
Searching for sniffer's logs, it may take a while... nothing found
Searching for HiDrootkit's default dir... nothing found
Searching for t0rn's default files and dirs... nothing found
Searching for t0rn's v8 defaults... nothing found
Searching for Lion Worm default files and dirs... nothing found
Searching for RSHA's default files and dir... nothing found
Searching for RH-Sharpe's default files... nothing found
Searching for Ambient's rootkit (ark) default files and dirs... nothing found
Searching for suspicious files and dirs, it may take a while...
Jun 30, 2008
I've honestly never had to worry about protecting myself from exploits until this week, when I found out somebody gained access to the server using an old script on an old account (teach me to delete client accounts when they leave me, it did!)
I'm working on a new server and going through lots of posts on better securing it, and two things that are suggested are installing chkrootkit and rkhunter, and adding them to the daily cron jobs. I learned how to install and set up the daily script for chkrootkit, but here's what I'd like to do that I'm not sure how to go about: I'd like to a) be notified ONLY if there are changes in the daily scans (especially since there are a couple of false positives I'm aware of) and b) be e-mailed a full report once a week, whether or not there were any changes.
I've got rkhunter installed as well, but I can't seem to find a script that will properly execute it and e-mail it to me. Does anybody have one that works? I'd also like to only get an e-mail if there are changes, except for a once weekly scan result.
Dec 31, 2007
A couple of days ago, I installed Rkhunter 1.3.0. I updated it, ran it, and put it in my crontab.root
30 23 * * * /usr/local/bin/rkhunter --cronjob > /dev/null
I just finished installing chkrootkit 0.48. I ran it and everything seems fine.
Is there a way to run this as a service?? I ask because in my VPS control panel, the security check still shows that Chkrootkit isn't installed.
Do I put it in the crontab.root file, or does it run as a service?
Also... Does it do the same thing as Rkhunter, or should I have them both installed?
May 29, 2008
I get the following error when trying to install chkrootkit-0.48 on the server:
[root@m5088 chkrootkit-0.48]# make sense
gcc -DHAVE_LASTLOG_H -o chklastlog chklastlog.c
make: gcc: Command not found
make: *** [chklastlog] Error 127
How can I resolve this issue?
May 27, 2007
Checking `sniffer'... eth0: not promisc and no PF_PACKET sockets
eth1: not promisc and no PF_PACKET sockets
eth1:1: not promisc and no PF_PACKET sockets
eth1:2: not promisc and no PF_PACKET sockets
eth1:3: not promisc and no PF_PACKET sockets
eth1:4: not promisc and no PF_PACKET sockets
Anything I should be worried about?
Oct 29, 2009
I use those 2 programs for scanning for rootkit programs.
Are there any free programs for Windows?
Oct 15, 2007
How can I do a search (probably using regex) for all files with names consisting purely of numbers?
For example, find:
53243.php
24353.php
24098.php
(always have 5 numbers).
It seems one of my accounts has had some script run which generated a bunch of these in various subfolders, and the PHP file basically does a callback to www3.rssnews.ws and www3.xmldata.info, which seem to be some sort of spyware servers.
Sep 30, 2007
My server is under attack by a shell.
How can I find shell code on my server? (c99 ...)
Is there any antivirus or open source tool to find it?
How can I disable the shell function?
May 10, 2007
I have a spare dedicated machine.
I want to allow a user to run a few processes on the machine (Debian etch).
I configured limits in /etc/security/limits.conf for the group "shell".
When I added the user to the group shell, the limits work well, but he can still look
everywhere on the system. (He can do cat /home/somefile.txt, even if owned by root.)
Is there any method or software to limit users to accessing only their home directories?
Jun 7, 2009
For security reasons I have these PHP functions disabled:
show_source, system, shell_exec, exec, popen, proc_open, procopen, passthru
Can anyone please tell me whether it will prevent shell scripts from working?
They can still upload the shells but can't read/write/execute commands in 777 directories?
Apr 16, 2005
I'm having a problem connecting to SSH/Shell on my server. I get the login prompt, but when I enter the user/pass I just get "SSH-2.0-OpenSSH_3.6.1p2"; everything under that is blank.
I've restarted the SSH server and made sure the account I was using was set to use Normal Shell (not jailed). What could be the problem?
Oct 8, 2006
I was wondering if it is possible to chmod a directory that is set to a low number to 777 using a shell or command, and if so, can anyone point me in the right direction as to how to go about doing so? I am trying to learn a little and I prefer using my browser to edit files rather than an FTP client.
Jun 9, 2007
I was just wondering if anyone is aware of Linux VPS or shell account providers with servers that are physically located in Pennsylvania. The only two I've come across so far are Nocster and VPS Village.
Oct 8, 2009
I keep seeing web hosts where it says that there is/isn't shell access, etc. What's shell access and what do you do with it in/with a web host?
May 27, 2008
Is there such a thing? I use shell mainly for whois info, tracing, telnet for email issues, etc. Is there a 'toolkit' for such things?
Nov 6, 2005
I have a script that needs to be run from shell access, but I've never done this before. How do you access a script through shell? Is there software I need to download? Not even sure where to begin.
Dec 16, 2007
One of our customers uploaded the C99Shell script to my server, and he can access other accounts.
I upgraded PHP to 5 but he can still access other accounts with this script. What should I do to disable this script or others like it?
Oct 11, 2006
I'm trying to program a very simple shell script that does 2-3 things.
1) checks for the number of a script running say, "ps aux | grep php | wc -l" returns that number.
2) deletes temp files folders "cd /to/that/directory/; rm -fr *&" every 90 seconds IF that number in check #1 is below say 50....
and then have this shell script launched in shell every so often, not sure on the frequency but first is how to program in shell is a TIME DELAY....
Oct 29, 2006
We have a customer who has an account on our *nix box server and who wants to move to our H-Sphere reseller platform because he now wants to use ASP and MSSQL.
If it were a .com domain, for example, I would be able to easily change NS1 and NS2, but since this is a ccTLD (and we will wait 10-15 days) I need a quick solution for DNS forwarding.
ns1.oldnameserver -> ns1.newnameserver
ns2.oldnameserver -> ns2.newnameserver
So when I run ping, for example, I have to get a reply from the new server.
I have shell access but I don't know how to modify the zone or named, since obviously I cannot do this using WHM.
Jun 11, 2008
I have never used SSH/Shell Access, but think I may want to. Can someone explain what it is, and maybe explain how to use it? My web hosting provider provides SSH, but I have no clue what to do.
Dec 17, 2008
How to set up a shell with restrictions such as: not run gcc, screen, limit processes to use or not use, run programs like bg processes, etc.
Aug 1, 2008
I've enabled SSH for one of my accounts in WHM, so I went to the cPanel of this account and tried the SSH/Shell Access, but what I got is:
For security reasons, shell access is not enabled by default. In order to activate shell access on your account, you will need to fax or mail a copy of your driver's license, passport or other photo id to customer service.
Is this something about an SSH key? Do I have to generate a key so I can use the SSH/Shell Access?
Apr 2, 2007
On a VPS I am using, I was astonished to see that when I log in through SSH to a WHM account, I can go right up to the VPS system directories, do an ls, read the files, etc. The user is able to get into all the VPS directories, except root.
It's fine in FTP. Although I can see the link to the directory above home, clicking on it does not take the user to those directories.
When I ask my service provider, they say, "Yes, this is normal behavior. The users will still be able to move into the other users' home directories but they will not be able to write to the files or open them".
It seems to me this isn't a good situation. How can I prevent shell users from going beyond their home directories? Is implementing a jailed shell a good option? Can I use this feature that is readily available in WHM?