WebHostGear.com - the hosting resource for professionalshosting tutorials hosting howto webhost guide server managementJuly 25, 2008
server management, apache tutorials, hosting tutorials, cpanel, server security
Home | Blog | Hosting Forums | Most Popular | Top Rated | Search | RSS Syndicate | Contact Us | Site Map

Advanced Search
Search Forums

Categories:
Hire an ExpertHire an Expert
Hosting BlogBlog
ArticlesArticles
Hosting TutorialsHosting Tutorials
cPanel TutorialscPanel Tutorials
Server SecurityServer Security
InterviewsInterviews
ReviewsReviews
Web Host NewsWeb Hosting News
ForumsHosting Forums
ProjectsProjects

Special Offer:

Site Related:
Submit hosting articleSubmit Article
AdvertiseAdvertise
About UsAbout Us
WebhostGear PartnersPartners
SyndicateRSS Syndicate
Write for usWrite for us
Recommend UsRecommend Us
DisclaimerDisclaimer
Contact UsContact Us
Site MapSite Map

Free Newsletter:

Subscribe to our free newsletter and receive, tutorials, reviews and more all related to the hosting industry.
E-mail Address:

First Name:



$50 OFF Coupon for Dedicated and VPS Servers

cPanel Dedicated Servers 		Home / Hosting Tutorials / Server Security / Root Check

Root Check



Printer Friendly Printer Friendly Send to a friend Send to a friend
By : ramprage Rating : Average Rating : 6.80 From 10 Voter(s)


RootCheck scans the system looking for possible  trojans ,scans the ports for malicious activity ,and checks for rootkits,and also the logs,permissions and more.

Installation Instructions
Login to your server and su to root.

wget http://www.ossec.net/rootcheck/files/rootcheck-0.4.tar.gz

tar -xvzf rootcheck-0.4.tar.gz
cd rootcheck-0.4
./install

This will take you to an interactive installtion. Make sure you have CPAN on your box because rootcheck requires the Perl Modules IO::Interface.

If the installtion is finished you will get this message

Compilation sucessfull. Ready to go.
 
---------------------------------------------------------
 That's it! If everything went ok, you should be ready
 to run RootCheck. If you any doubts about installation,
 please refer to INSTALL file.
 You can also find additional information at :  
 http://www.ossec.net/rootcheck/ 
 Improves, patches, comments are very welcome.
---------------------------------------------------------

Article provided by WebHostGear.com
Scanning the System
Now you are ready to run rootcheck.



Article provided by WebHostGear.com

There are quite a few options butthe simplest one is

./rootcheck.pl

If the installation was perfect you would get a progress screen of the scan after which the results wiill be writen into results.txt the result is quite explanatory and gives details of all suspected files.

There is also an example file that explains the different options for root check
More Information about rootcheck is available at  http://www.ossec.net/

Submitted by: Dinesh

New! - Need server help? Hire an Expert

Get professional help with your configuration, script installation or server issue.
Learn how we can help you with any server problem and make your server run like new. Professional staff will contact you, after submitting a quote request, by phone or email.

Rate this Article :

1
2
3
4
5
6
7
8
9
10
Poor Excellent

Related Articles


» Guide to Chkrootkit - checking for intruders
» Detect and Clean a hacked server T0rnkit Tutorial
» Rkhunter Installation


Discuss this article with others in our new hosting forums

Comments / Feedback

domper
Can I install rootcheck if I have directadmin as web control panel on my server?.
WHG - Steve
Yes, the type of control panel shouldn't matter.
vijay kumar
very nice tutorial thanks i tried and found it very useful
ParisDNS
Got error when rnning ./rootcheck.pl :

Can't locate IO/Interface.pm in @INC (@INC contains: /usr/lib/perl5/5.8.6/i686-linux /usr/lib/perl5/5.8.6 /usr/lib/perl5/site_perl/5.8.6/i686-linux /usr/lib/perl5/site_perl/5.8.6 /usr/lib/perl5/site_perl/5.8.0 /usr/lib/perl5/site_perl .) at mods/checkif.pm line 22.
BEGIN failed--compilation aborted at mods/checkif.pm line 22.
Compilation failed in require at ./rootcheck.pl line 60.
Hesham
The provided URL is not working!
sinangunay
Because new version is avaliable, and changed the usage of script.
please try, http://ossec.underlinux.com.br/rootcheck/
codeunix
the new url link is:
wget http://www.ossec.net/rootcheck/files/rootcheck-0.7.tar.gz
cyberspace
ParisDNS, you need to install the perl module called IO::Interface
Brendan RTG
root@jade [/downloads]# tar -xvzf rootcheck-0.4.tar.gz

gzip: stdin: not in gzip format
tar: Child returned status 1
tar: Error exit delayed from previous errors
root@jade [/downloads]#
Rudi
Does anyone run the check via cron? And if so, how often?

 Add Comment
Name
Email
Image Code
Refresh Image
Comments / Feedback



Web Hosting News RSS ?


WebHostGear Hire an Expert - NEW!
Let us improve your servers performance, find that spammer and take care of that kernel upgrade. Hire us to help with any tutorials listed on the site or any other services needed. Get your free, NO obligation quote now

Our site offers free hosting tutorials, cpanel tutorial, web hosting news, shell commands, running a web hosting business, dedicated guides, linux tutorial, apache install, home web server, web server guide, ssh commands, dedicated servers, DNS nameservers, chkrootkit, apf firewall, exim configuration, server compromised, cron backup solution, ftp backup script

Server Tutorials


WebHostGear Reviewed by Ping Zine - Click here

Special Offer:


Links:
cPanel server administration

MidPhase Coupons

Reseller Hosting

Reseller Hosting FAQ

Icon

Web Hosting

Datacenter Discussion Forum

Lunarpages Coupon

Hosting Coupon



WebhostGear Sponsors
Copyright © 2003-2006 WebHostGear.com - A Wave Point Media property.
Going Up Advertise Hosting Free Uptime Check Web Hosting Chat Icons Banners Mall