Windows Equivalent Of Chkrootkit, Rkhunter
Oct 29, 2009
I use those 2 programs for scanning for rootkit programs.
Are there any free programs for Windows?
Which of the two is better,
chkrootkit or rkhunter?
I want to install and run it via SSH.
I've honestly never had to worry about protecting myself from exploits until this week, when I found out somebody gained access to the server using an old script on an old account (teach me to delete client accounts when they leave me, it did!)
I'm working on a new server and going through lots of posts on better securing it, and two things that are suggested are installing chkrootkit and rkhunter and adding them to the daily cron jobs. I learned how to install and set up the daily script for chkrootkit, but here's what I'd like to do that I'm not sure how to go about: I'd like to a) be notified ONLY if there are changes in the daily scans (especially since there are a couple of false positives I'm aware of) and b) be e-mailed a full report once a week, whether or not there were any changes.
I've got rkhunter installed as well, but I can't seem to find a script that will properly execute it and e-mail it to me. Does anybody have one that works? I'd also like to only get an e-mail if there are changes, except for a once weekly scan result.
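For the notify-only-on-change plus weekly-full-report request above, here is an added example (not from the original post, and not part of chkrootkit or rkhunter): a cron wrapper that keeps the previous report, mails a diff only when the output changes, and mails the whole report on one chosen weekday. The state directory, recipient, weekday and scanner command are assumptions. It is written for chkrootkit; for rkhunter the scanner line would be `rkhunter --cronjob --report-warnings-only` (two dashes).

```shell
#!/bin/sh
# Added example (not from the original post): cron wrapper for a rootkit
# scanner that mails only when the report differs from the previous run and
# mails the full report once a week regardless. Paths, recipient and the
# scanner command are assumptions; adjust them to the host.

STATE_DIR="${STATE_DIR:-/var/lib/rootkit-scan}"   # assumed: where reports are kept
RECIPIENT="${RECIPIENT:-root}"                     # assumed: who gets the mail
WEEKLY_DAY="${WEEKLY_DAY:-7}"                      # ISO weekday (1=Mon .. 7=Sun) for the full report
# Assumed scanner command (word-split on purpose so options are allowed).
# For rkhunter use: rkhunter --cronjob --report-warnings-only
SCANNER="${SCANNER:-/usr/local/bin/chkrootkit -q}"

# Decide what to do with a fresh report.
# Usage: classify_report <previous-report> <new-report> <today-iso-weekday>
# Prints exactly one of: weekly first changed unchanged
classify_report() {
    prev=$1 new=$2 today=$3
    if [ "$today" -eq "$WEEKLY_DAY" ]; then
        echo weekly        # full-report day: always send
    elif [ ! -f "$prev" ]; then
        echo first         # no baseline yet: send, so known false positives are on record
    elif cmp -s "$prev" "$new"; then
        echo unchanged     # identical to the last run, known false positives included: stay quiet
    else
        echo changed       # something appeared or disappeared: send the diff
    fi
}

run_scan() {
    umask 077              # reports may name suspicious paths; keep them root-only
    mkdir -p "$STATE_DIR" || return 1
    prev="$STATE_DIR/report.last"
    new="$STATE_DIR/report.new"
    # Capture stdout and stderr together so scanner errors are diffed too.
    $SCANNER > "$new" 2>&1
    case $(classify_report "$prev" "$new" "$(date +%u)") in
        weekly)    mail -s "Weekly rootkit scan report ($(hostname))" "$RECIPIENT" < "$new" ;;
        first)     mail -s "Rootkit scan baseline ($(hostname))" "$RECIPIENT" < "$new" ;;
        changed)   diff -u "$prev" "$new" | mail -s "Rootkit scan output CHANGED ($(hostname))" "$RECIPIENT" ;;
        unchanged) : ;;
    esac
    mv -f "$new" "$prev"   # today's report becomes tomorrow's baseline
}

# Run only when invoked with --run (e.g. from cron); sourcing the file just defines the functions.
if [ "${1:-}" = "--run" ]; then
    run_scan
fi
```

Install it as, for example, /usr/local/sbin/rootkit-scan.sh and call it from cron once a day with `--run`. Because only changes are mailed, the false positives you already know about drop out of the daily mail as soon as they are in the baseline, while the weekly run still shows them in full.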
A couple of days ago, I installed rkhunter 1.3.0. I updated it, ran it, and put it in my crontab.root:
30 23 * * * /usr/local/bin/rkhunter --cronjob > /dev/null
I just finished installing chkrootkit 0.48. I ran it and everything seems fine.
Is there a way to run this as a service? I ask because in my VPS control panel, the security check still shows that chkrootkit isn't installed.
Do I put it in the crontab.root file, or does it run as a service?
Also... Does it do the same thing as Rkhunter, or should I have them both installed?
I just tried to install it,
but as the title says, I have this error:
./chkrootkit.sh: line 2: cd: /downloads/chkrootkit-0.48/: No such file or directory
./chkrootkit.sh: line 3: ./chkrootkit: No such file or directory
I edited
pico /etc/cron.daily/chkrootkit.sh
and set it to:
#!/bin/bash
cd /downloads/chkrootkit-0.48/
./chkrootkit | mail -s "Daily chkrootkit from Servername" ****@****.com
Then I tried to test it with:
cd /etc/cron.daily/
./chkrootkit.sh
and it gives me this error:
./chkrootkit.sh: line 2: cd: /downloads/chkrootkit-0.48/: No such file or directory
./chkrootkit.sh: line 3: ./chkrootkit: No such file or directory
On a Linux box, I know how to set a file to chmod 666 permissions. How do you set world-writable permissions on a file on a Windows server?
I installed it; what is it for? How may I use it?
I have performed chkrootkit and got the following results. It suggests that there are a lot of problems. How would I get rid of these?
Checking `lsof'... not infected
Checking `mail'... not infected
Checking `mingetty'... not infected
Checking `netstat'... not infected
Checking `named'... not infected
Checking `passwd'... not infected
Checking `pidof'... not infected
Checking `pop2'... not found
Checking `pop3'... not found
Checking `ps'... not infected
Checking `pstree'... not infected
Checking `rpcinfo'... not infected
Checking `rlogind'... not found
Checking `rshd'... not found
Checking `slogin'... not infected
Checking `sendmail'... not infected
Checking `sshd'... not infected
Checking `syslogd'... not infected
Checking `tar'... not infected
Checking `tcpd'... not infected
Checking `tcpdump'... not infected
Checking `top'... not infected
Checking `telnetd'... not infected
Checking `timed'... not found
Checking `traceroute'... not infected
Checking `vdir'... not infected
Checking `w'... not infected
Checking `write'... not infected
Checking `aliens'... no suspect files
Searching for sniffer's logs, it may take a while... nothing found
Searching for HiDrootkit's default dir... nothing found
Searching for t0rn's default files and dirs... nothing found
Searching for t0rn's v8 defaults... nothing found
Searching for Lion Worm default files and dirs... nothing found
Searching for RSHA's default files and dir... nothing found
Searching for RH-Sharpe's default files... nothing found
Searching for Ambient's rootkit (ark) default files and dirs... nothing found
Searching for suspicious files and dirs, it may take a while...
I have the following error when trying to install chkrootkit-0.48 on the server:
[root@m5088 chkrootkit-0.48]# make sense
gcc -DHAVE_LASTLOG_H -o chklastlog chklastlog.c
make: gcc: Command not found
make: *** [chklastlog] Error 127
How can I resolve this issue?
Checking `sniffer'... eth0: not promisc and no PF_PACKET sockets
eth1: not promisc and no PF_PACKET sockets
eth1:1: not promisc and no PF_PACKET sockets
eth1:2: not promisc and no PF_PACKET sockets
eth1:3: not promisc and no PF_PACKET sockets
eth1:4: not promisc and no PF_PACKET sockets
Anything I should be worried about?
chkrootkit sent one e-mail:
Checking `bindshell'... INFECTED (PORTS: 465)
Checking `lkm'... You have 1 process hidden for ps command
chkproc: Warning: Possible LKM Trojan installed
What does this mean?
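As an added example (not from the original post, and not chkrootkit's own code) of how to check those two lines by hand: chkrootkit's bindshell test reports INFECTED for any listener on a port from its built-in list, and 465 is also the standard SMTPS port, so the first thing to find out is which process owns that socket. The hidden-process test compares the kernel's process list with what ps shows; a process that starts or exits between the two listings looks hidden for an instant, so the comparison below is repeated and only PIDs that are hidden every time are reported. The netstat line and the PID lists used to check the functions are constructed.

```shell
#!/bin/sh
# Added example (not from the original post): re-check a chkrootkit
# "bindshell INFECTED (PORTS: n)" and "process hidden for ps command" report.
# Sample netstat output in the comment below is constructed.

# Print the PID/program owning a TCP listener on the given port.
# Reads `netstat -tlnp` output on stdin (run as root to see other users' PIDs), e.g.
#   tcp  0  0 0.0.0.0:465  0.0.0.0:*  LISTEN  1234/exim
listener_for_port() {
    awk -v p="$1" '$1 ~ /^tcp/ && $6 == "LISTEN" && $4 ~ (":" p "$") { print $7 }'
}

# PIDs present in the first list but absent from the second.
# Both arguments are whitespace-separated PID lists, so the logic is testable offline.
pids_missing_from() {
    awk -v have="$1" -v ref="$2" 'BEGIN {
        n = split(ref, r);  for (i = 1; i <= n; i++) seen[r[i]] = 1
        n = split(have, h); for (i = 1; i <= n; i++) if (!(h[i] in seen)) print h[i]
    }'
}

# PIDs common to both lists: A minus (A minus B).
intersect_pids() {
    pids_missing_from "$1" "$(pids_missing_from "$1" "$2")"
}

# One snapshot: PIDs the kernel exposes in /proc that ps does not report.
# ps runs first, so its own (already exited) PID cannot look hidden; /proc is
# read by shell globbing, which forks no extra processes.
snapshot_hidden() {
    ps_view=$(ps -e -o pid= | tr -s ' \n' ' ')
    kernel_view=""
    for d in /proc/[0-9]*; do kernel_view="$kernel_view ${d#/proc/}"; done
    pids_missing_from "$kernel_view" "$ps_view"
}

# PIDs that stay hidden across several snapshots a second apart. A process
# that was merely short-lived drops out; a PID hidden from ps by a kernel
# module stays in every snapshot.
stable_hidden() {
    rounds=${1:-3}; i=0; result=""
    while [ "$i" -lt "$rounds" ]; do
        cur=$(snapshot_hidden)
        if [ "$i" -eq 0 ]; then result=$cur; else result=$(intersect_pids "$result" "$cur"); fi
        i=$((i + 1))
        if [ "$i" -lt "$rounds" ]; then sleep 1; fi
    done
    printf '%s\n' "$result"
}

if [ "${1:-}" = "--run" ]; then
    port=${2:-465}
    echo "Listener on port $port:"; netstat -tlnp 2>/dev/null | listener_for_port "$port"
    echo "PIDs hidden from ps in 3 consecutive snapshots:"; stable_hidden 3
fi
```

If the listener on 465 turns out to be the mail server and the hidden-PID list is empty after three rounds, both lines were noise; a PID that stays hidden should be inspected via /proc/<pid>/exe and /proc/<pid>/cmdline before anything else is done on the box.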
Is it just a directory with modified permissions or am I missing something really easy?
Can anyone please give me the free -m command equivalent for FreeBSD?
Is there already an equivalent Xeon for the i7 processors?
I mean, for example, the C2Q Q6600 is equivalent to the X3220, if I'm right.
Also, I guess those servers will cost a lot more, not only because the processor is very costly but also because it requires DDR3 RAM, which is still quite expensive nowadays...
I'm looking for a free equivalent to cPanel; however, it must do similar things and offer similar features. It also must do the same things in terms of e-mail, such that the incoming/outgoing mail server will be mail.domain.com and the user names will be the e-mail addresses.
Another feature I would like is the ability to migrate from cPanel to this control panel.
I'm moving a framework over to a new server for a client and they're using IIS. Is there an IIS equivalent to the following two lines of mod_rewrite code from Apache?
Code:
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*)$ pamwf.php?PAMWF_PATH_QUERY=$1 [L,QSA]
I am looking for a good dedicated server provider in Europe. Ideally I am looking for something similar to softlayer or theplanet but in the EU.
three things that are important for us and do not seem to be offered by many providers:
- Ability to do automated secure (connection initiated by the backup device) offsite backups via eVault or r1soft.
- Ability to add additional servers in the future (e.g. a separate DB server) as part of our "internal" network (that is: any traffic between our servers would count as internal traffic and not against our bandwidth limits). E.g. Softlayer by default and for free gives you your own virtual private network and you can add new servers as the need arises.
- ability to upgrade configurations and have the ability to customize our hardware setup.
Other than the above we need cPanel/WHM, a trustworthy company, good support, and the option for managed or unmanaged service.
any suggestions?
There are a lot of changes in the naming conventions: Dual Core, Quad Core, Core 2 Duo, Core 2 Quad. I wonder, for a Dual Core Xeon 3GHz (as we called it previously), what would be its equivalent or better now that is easily found on the market?
Some functionality found in MS Exchange, but for Linux. Looking for contact management, calendar(s) and the ability to create meeting requests that can be sent. Pretty basic stuff, but I need it to still use Outlook on the client side.
I have been using the 3com 3226 and love it! But it is EOL now; does anyone know of the equivalent new model from 3com?
I currently run five websites that are hosted by Yahoo! Small Business.
I am extremely frustrated by the fact that I cannot use PHP 5 and MySQL 5 with these websites. I pay ~$200/month for these 5 webhosting accounts.
I am beginning to see that paying this much to host 5 websites where I cannot even use the PHP version that I would like to is a bit ridiculous.
I know that I could simply switch to another shared hosting provider that includes PHP 5 as an option, but since I am running 5 websites concurrently, and these websites are each just about maxed with respect to bandwidth and disk space, shouldn't I look into another option?
So as I can see, my options are either a VDS/VPS, where I could host all 5 websites for one fee that would probably be MUCH lower than my $200/month I am paying currently, or something else that is similar.
I have decided that I want/need root access, because that way I can install/configure the system with whatever I desire now and in the future, BUT: I am not familiar with Linux (and I would want Linux) server administration; I don't know whether to choose CentOS4 or Red Hat Fedora Core 6 for an example; I don't know which Plesk 8 options I would need, etc......
WILL I BE GETTING MYSELF INTO A LOT OF TROUBLE if I choose a VPS and I am unable for some reason to administer the server properly?
I AM familiar with UNIX administration on OS X for example, and I AM familiar with coding.... PHP, SQL, Perl, Python, etc....
I just don't want to get myself into trouble although I am sure I want at least a VDS/VPS and I am sure I want root access.
I am confused as to what my options are other than a VDS/VPS (I don't think I need a dedicated server yet).
I have visited TextDrive and read about their Joyent Accelerators; what are they exactly? Not a VPS, but a scalable web-application-deployment environment?
This has been a long post and as you can see I am completely confused as to where to go from here..... could anyone that doesn't mind please let me know what my options are and what might be a good fit?
My websites are database-driven and need to be scalable.
A few of my requirements:
Full Root Access
Linux OS
at least 600GB Bandwidth
at least 25GB disk space
FTP Backup / Routine Server Backup for entire site
384-512MB Guaranteed RAM
Plesk 8 (I think) with various add-ons (which ones I don't yet know)
Support for 100 MySQL databases
Since my CentOS updated from 5.3 to 5.4 I am getting this "error" with rkhunter:
Warning: Possible promiscuous interfaces:
'ifconfig' command output: UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1
UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1
UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1
UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1
UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1
UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1
'ip' command output: eth1
'ip' command output: eth0
I already ran:
rkhunter --propupd
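An added example (not from the original post, and not rkhunter's own code) for checking that warning against what the kernel reports rather than the ifconfig summary rkhunter quotes: which interfaces carry the PROMISC flag according to `ip link`, which processes hold PF_PACKET (raw) sockets according to /proc/net/packet, and who owns them. Bridge ports are legitimately promiscuous; an unexpected PROMISC interface together with an unexpected PF_PACKET owner is what to chase. Note that `--propupd` only refreshes the stored file properties and has no bearing on this check. The `ip -o link` and /proc/net/packet lines used to check the parsers are constructed samples.

```shell
#!/bin/sh
# Added example (not from the original post): verify a "possible promiscuous
# interfaces" warning from the kernel's own view of interface flags and
# PF_PACKET sockets. Sample input lines in comments are constructed.

# Names of interfaces whose flag set contains PROMISC.
# Reads `ip -o link` output on stdin, e.g.
#   2: eth0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP
promisc_ifaces() {
    awk -F': ' '{
        flags = $3; sub(/ .*/, "", flags); gsub(/[<>]/, "", flags)
        if (("," flags ",") ~ /,PROMISC,/) print $2
    }'
}

# Interface index and socket inode of every PF_PACKET socket on the host.
# Reads /proc/net/packet on stdin; its header line is
#   sk RefCnt Type Proto Iface R Rmem User Inode
# Iface is the ifindex (0 = bound to all interfaces), Inode identifies the socket.
packet_sockets() {
    awk 'NR > 1 && NF >= 9 { print $5, $9 }'
}

# PIDs whose fd table holds socket:[<inode>] (run as root to read every process).
owners_of_inode() {
    for fd in /proc/[0-9]*/fd/*; do
        if [ "$(readlink "$fd" 2>/dev/null)" = "socket:[$1]" ]; then
            echo "$fd" | cut -d/ -f3
        fi
    done | sort -u
}

if [ "${1:-}" = "--run" ]; then
    echo "Interfaces in promiscuous mode:"
    ip -o link | promisc_ifaces
    echo "PF_PACKET sockets (ifindex inode -> owning PIDs):"
    packet_sockets < /proc/net/packet | while read -r ifindex inode; do
        printf '%s %s -> %s\n' "$ifindex" "$inode" "$(owners_of_inode "$inode" | tr '\n' ' ')"
    done
fi
```

If no interface shows PROMISC here and /proc/net/packet is empty (or lists only a DHCP client or a monitoring tool you installed), the warning came from the ifconfig text rkhunter parsed rather than from a sniffer.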
About my rkhunter's log: it gives some warnings, but I don't know if they are really important ones.
Here are the warnings it gives:
Warning: The command '/usr/bin/GET' has been replaced by a script: /usr/bin/GET: perl script text executable
Warning: The command '/usr/bin/groups' has been replaced by a script: /usr/bin/groups: Bourne shell script text executable
Warning: The command '/usr/bin/ldd' has been replaced by a script: /usr/bin/ldd: Bourne shell script text executable
Warning: The command '/usr/bin/whatis' has been replaced by a script: /usr/bin/whatis: Bourne shell script text executable
Warning: The command '/sbin/ifdown' has been replaced by a script: /sbin/ifdown: Bourne-Again shell script text executable
Warning: The command '/sbin/ifup' has been replaced by a script: /sbin/ifup: Bourne-Again shell script text executable
Warning: Found enabled xinetd service: /etc/xinetd.d/ftp_psa
Warning: Found enabled xinetd service: /etc/xinetd.d/poppassd_psa
Warning: Found enabled xinetd service: /etc/xinetd.d/smtp_psa
Warning: Found enabled xinetd service: /etc/xinetd.d/smtps_psa
Warning: The SSH configuration option 'PermitRootLogin' has not been set.
The default value may be 'yes', to allow root access.
Warning: Hidden file found: /usr/share/man/man1/..1.gz: gzip compressed data, from Unix, max compression
Warning: Application 'gpg', version '1.2.6', is out of date, and possibly a security risk.
Warning: Application 'openssl', version '0.9.7a', is out of date, and possibly a security risk.
Warning: Application 'php', version '4.3.9', is out of date, and possibly a security risk.
I am using Plesk and I am using yum update for updating files and scripts, so I don't know how I can update gpg, php and openssl. Also, for some time it said that port 2006 is open and a possible trojan backdoor, but when I check now it doesn't give any error like that.
Is there any major problem in those logs or not?
If someone wants, I can also attach the full rkhunter.log or only the warning output of rkhunter.log.
I'm trying to setup the Clozure Common Lisp implementation for CGI web programming. I've made a hello application and compiled it.
I can type ./index.cgi at the terminal and the properly formatted header and some text are displayed.
When I try to view the index page though the web browser I get an internal server error.
Quote:
Couldn't load lisp heap image from
[Sun May 10 09:31:25 2009] [error] [client 127.0.0.1] Premature end of script headers: index.cgi
I'm wondering if this is a Lisp problem or a problem with the web server/permissions.
I wrote a hello world CGI app in C and ran that through the browser without any problems.
I applied the same permissions from the C app to the Lisp app and still had the same problem.
I *think* this is a Lisp problem, but just felt that I should check with some people who are more familiar with server setups than myself.
I have run rkhunter and got the following report. I have checked everything and it seems to be fine. Also, I have run rkhunter --update and it didn't help. How can I remove these bad messages? Do I need to reinstall the package?
/bin/dmesg [ BAD ]
/bin/env [ BAD ]
/bin/grep [ BAD ]
/bin/kill [ BAD ]
/bin/login [ BAD ]
I was testing the new RKHunter 1.3.0, and found a few warnings:
Code:
/usr/bin/GET [ Warning ]
/usr/bin/groups [ Warning ]
/usr/bin/ldd [ Warning ]
/usr/bin/whatis [ Warning ]
/sbin/ifdown [ Warning ]
/sbin/ifup [ Warning ]
Investigating the logs found this:
Code:
Warning: The command '/usr/bin/GET' has been replaced by a script: /usr/bin/GET: perl script text executable
Warning: The command '/usr/bin/groups' has been replaced by a script: /usr/bin/groups: Bourne shell script text executable
Warning: The command '/usr/bin/ldd' has been replaced by a script: /usr/bin/ldd: Bourne shell script text executable
Warning: The command '/usr/bin/whatis' has been replaced by a script: /usr/bin/whatis: Bourne shell script text executable
Warning: The command '/sbin/ifdown' has been replaced by a script: /sbin/ifdown: Bourne-Again shell script text executable
Warning: The command '/sbin/ifup' has been replaced by a script: /sbin/ifup: Bourne-Again shell script text executable
Same result on two different RHE 4 boxes... just to verify that this is a false positive, do you have the same results on your RHE 4 boxes while running "rkhunter -c"?
[ Rootkit Hunter version 1.3.2 ]
Checking rkhunter version...
This version : 1.3.2
Latest version: 1.3.2
[ Rootkit Hunter version 1.3.2 ]
Checking rkhunter data files...
Checking file mirrors.dat [ No update ]
Checking file programs_bad.dat [ No update ]
Checking file backdoorports.dat [ No update ]
Checking file suspscan.dat [ No update ]
Checking file i18n/cn [ No update ]
Checking file i18n/en [ No update ]
Checking file i18n/zh [ No update ]
Checking file i18n/zh.utf8 [ No update ]
Warning: Checking for preload file [ Warning ]
Warning: Found library preload file: /etc/ld.so.preload
Warning: The file properties have changed:
File: /bin/ps
Current hash: 36f3d8a9fcaebf5838e5e55ebdcac7e355477343
Stored hash : 8f1acf237e562043f8353f4ec5d0c3490c0d0cb3
Current inode: 1228803 Stored inode: 1228857
Current size: 61364 Stored size: 67088
Current file modification time: 1214487892
Stored file modification time : 1195262225
Warning: The command '/usr/bin/GET' has been replaced by a script: /usr/bin/GET: perl script text executable
Warning: The command '/usr/bin/groups' has been replaced by a script: /usr/bin/groups: Bourne shell script text executable
Warning: The command '/usr/bin/ldd' has been replaced by a script: /usr/bin/ldd: Bourne shell script text executable
Warning: The file properties have changed:
File: /usr/bin/top
Current hash: 15f1f743d73d9546a05a15644816139de7708327
Stored hash : 5e78fb7f0a02643a91964081ca03316dbaf01bdd
Current inode: 246165 Stored inode: 245920
Current size: 48536 Stored size: 48504
Current file modification time: 1214487892
Stored file modification time : 1195262225
Warning: The file properties have changed:
File: /usr/bin/vmstat
Current hash: 898351bc3be226caf6915715b23a1c7cc5d35fdd
Stored hash : edaa64f3921a0a2d873c14a5eb641ba883f4dcff
Current inode: 246561 Stored inode: 246020
Current size: 17872 Stored size: 20444
Current file modification time: 1214487892
Stored file modification time : 1195262225
Warning: The file properties have changed:
File: /usr/bin/w
Current hash: 480c2c2e4f1048e19fc075f4daebe79fa84e08d1
Stored hash : 87f39eeb583bc7f6622e95fd0266f093ed8b362b
Current inode: 246020 Stored inode: 246167
Current size: 9720 Stored size: 11720
Current file modification time: 1214487892
Stored file modification time : 1195262225
Warning: The file properties have changed:
File: /usr/bin/watch
Current inode: 246167 Stored inode: 245924
Current file modification time: 1214487892
Stored file modification time : 1195262225
Warning: The command '/usr/bin/whatis' has been replaced by a script: /usr/bin/whatis: Bourne shell script text executable
Warning: The command '/sbin/ifdown' has been replaced by a script: /sbin/ifdown: Bourne-Again shell script text executable
Warning: The command '/sbin/ifup' has been replaced by a script: /sbin/ifup: Bourne-Again shell script text executable
Warning: The file properties have changed:
File: /sbin/sysctl
Current hash: b560099caf18d28bcc0249efaec75dcddb87b219
Stored hash : fa13202ac5897d9f7198e8afbbe7d0c835b07639
Current inode: 589893 Stored inode: 589875
Current size: 9144 Stored size: 11048
Current file modification time: 1214487892
Stored file modification time : 1195262225
I know some of these warnings, like /usr/bin/GET, groups, ldd, whatis, ifdown and ifup, are normal false positives.
But the other warnings are new;
I think they changed after upgrading cPanel to 11.23.
I have cPanel on CentOS 4.6.
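An added example (not from any of the posts above, and not part of rkhunter) for the "replaced by a script", "file properties have changed" and [ BAD ] results discussed in this and the earlier rkhunter posts: before running `rkhunter --propupd`, which simply records the current files as the new baseline, check each flagged path against the RPM database, so that a binary changed by a package update is told apart from one changed by something else. The `rpm -V` lines in the check are constructed samples; the rpm commands themselves are real.

```shell
#!/bin/sh
# Added example (not from the original posts): triage rkhunter file warnings
# against the RPM database before accepting them with `rkhunter --propupd`.
# Sample rpm -V output in comments and tests is constructed.

# Interpret `rpm -V <package>` output for one path.
# rpm -V prints nothing for a file that matches the package manifest; otherwise
# a 9-character flag string (S size, M mode, 5 digest, D device, L link,
# U user, G group, T mtime, P capabilities; '.' = ok, '?' = not testable)
# followed by the path, or the word 'missing' followed by the path.
# Usage: rpm -V <package> | interpret_verify <path>
# Prints: clean | missing | differs:<flags>
interpret_verify() {
    path=$1; verdict=clean
    while IFS= read -r line; do
        case $line in
            missing*" $path") verdict=missing ;;                 # recorded in the package, gone from disk
            *" $path")        verdict="differs:${line%% *}" ;;   # leading space keeps /bin/ps from matching /usr/bin/ps
        esac
    done
    echo "$verdict"
}

# Live triage of each flagged path (needs rpm; run as root so every file is readable).
# A path no package owns, or one whose digest ('5') differs from the package,
# has to be explained before propupd is run.
triage() {
    for f in "$@"; do
        pkg=$(rpm -qf "$f" 2>/dev/null) || { echo "$f: not owned by any package: investigate"; continue; }
        case $(rpm -V "$pkg" | interpret_verify "$f") in
            clean)     echo "$f: matches package $pkg (installed $(rpm -q --qf '%{INSTALLTIME:date}' "$pkg"))" ;;
            missing)   echo "$f: recorded in $pkg but missing from disk" ;;
            differs:*) echo "$f: DIFFERS from package $pkg: investigate before propupd" ;;
        esac
    done
}

if [ "${1:-}" = "--run" ]; then
    shift
    triage "$@"
fi
```

Run it as root with the flagged paths as arguments, e.g. `--run /bin/ps /usr/bin/top /usr/bin/vmstat /usr/bin/w /usr/bin/watch /sbin/sysctl`. A path that verifies clean and whose package was installed at about the "Current file modification time" rkhunter prints (compare with `rpm -q --last <package>`) is the benign case; only then is `rkhunter --propupd` the right next step. For the script warnings, once rpm confirms the script is the package's own, rkhunter.conf's SCRIPTWHITELIST option lists it so the warning stops.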
I just ran 'rkhunter -c --quiet' and these are the error messages I got:
Warning: This operating system is not fully supported!
Warning: Cannot find md5_not_known
Some errors has been found while checking. Please perform a manual check on this machine debian
Is this something I should be worried about?
I'm running CentOS 5.
I don't have much knowledge of server management. Well, I have a question: after a scan rkhunter shows that it found two vulnerable applications, but I am unable to get the names of the files which are vulnerable. How do I find out their names?
Server detail: CentOS / cPanel
I installed rkhunter several days ago; since the installation I'm receiving the e-mail below every night:
Subject: Daily Rkhunter Scan Report
Invalid option specified: -cronjob
rkhunter -c
output:
Default logfile will be used (/var/log/rkhunter.log).
Default temporary directory will be used (/usr/local/rkhunter/lib/rkhunter/tmp).
Default database directory will be used (/usr/local/rkhunter/lib/rkhunter/db).
The internationalisation directory does not exist: /usr/local/rkhunter/lib/rkhunter/db/i18n
Centos