Published: Jun 08, 2004

Chkrootkit is a powerful tool to scan your Linux server for trojans. We'll show you how to install it, scan your server and set up a daily automated scanning job that emails you the report.

Installing CHKROOTKIT

Version 0.42b (Sept. 20 2003)

SSH as admin to your server. DO NOT use telnet; it should be disabled anyway.

#Change to root
su -

#Type the following
wget ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz

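# Check the MD5 sum of the download against the published one
# (this catches a corrupted or incomplete download; the checksum comes from the same FTP server as the tarball):
wget ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.md5
cat chkrootkit.md5
md5sum chkrootkit.tar.gz
# The two hashes must match before you continue.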

#Unpack the tarball using the command
tar xvzf chkrootkit.tar.gz

#Change to the directory it created
cd chkrootkit*

#Compile by typing
make sense

#To use chkrootkit, just type the command
./chkrootkit

#Everything it outputs should be 'not found' or 'not infected'...

Important Note: If you see 'Checking `bindshell'... INFECTED (PORTS:  465)', read on.
I'm running PortSentry/klaxon. What's wrong with the bindshell test?
If you're running PortSentry/klaxon or another program that binds itself to unused ports, chkrootkit will probably give you a false positive on the bindshell test (ports 114/tcp, 465/tcp, 511/tcp, 1008/tcp, 1524/tcp, 1999/tcp, 3879/tcp, 4369/tcp, 5665/tcp, 10008/tcp, 12321/tcp, 23132/tcp, 27374/tcp, 29364/tcp, 31336/tcp, 31337/tcp, 45454/tcp, 47017/tcp, 47889/tcp, 60001/tcp).

#Now,
cd ..
#Then remove the .gz file
rm chkrootkit.tar.gz

Daily Automated System Scan that emails you a report

While in SSH run the following:
pico /etc/cron.daily/chkrootkit.sh

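Insert the following into the new file:
#!/bin/bash
# Stop if the install directory is missing, so nothing else gets run by mistake
cd /yourinstallpath/chkrootkit-0.42b/ || exit 1
# Run the scan and mail the full report
./chkrootkit | mail -s "Daily chkrootkit from Servername" [email protected]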

Important:
1. Replace 'yourinstallpath' with the actual path to where you unpacked Chkrootkit.
2. Change 'Servername' to the name of the server you're running so you know where the report is coming from.
3. Change '[email protected]' to your actual email address where the script will mail you.

Now save the file in SSH:
Ctrl+X then type Y

Change the file permissions so we can run it:
chmod 755 /etc/cron.daily/chkrootkit.sh

Now if you like you can run a test report manually in SSH to see how it looks.
cd /etc/cron.daily/

./chkrootkit.sh

You'll now receive a nice email with the report! This will now happen every day, so you don't have to run it manually.
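
If PortSentry/klaxon holds one of the ports listed in the bindshell note above, that false positive will appear in every daily report. The following is an added example, not part of the original article: a filter that reads chkrootkit output and prints only the INFECTED lines that are not explained by ports you have confirmed belong to PortSentry/klaxon. The names triage, sample_output and ALLOWED_PORTS, and the space-separated port list after 'PORTS:', are assumptions of this example.

```bash
#!/bin/sh
# Added example (not from the original article): triage chkrootkit output.
# ALLOWED_PORTS is an assumption: list only ports you have confirmed are
# bound by PortSentry/klaxon on this host.
ALLOWED_PORTS="465"

# Reads chkrootkit output on stdin and prints only the findings that still
# need attention: any INFECTED line, except a bindshell hit whose ports are
# all in ALLOWED_PORTS.
triage() {
    while IFS= read -r t_line; do
        case "$t_line" in
            *INFECTED*) ;;
            *) continue ;;
        esac
        case "$t_line" in
            *bindshell*PORTS:*)
                # Keep only the port numbers between "PORTS:" and ")".
                t_ports=${t_line##*PORTS:}
                t_ports=$(printf '%s' "${t_ports%%)*}" | tr -cd '0-9 ')
                t_bad=""
                # A hit with no parseable port is never treated as explained.
                case "$t_ports" in *[0-9]*) ;; *) t_bad=" (none parsed)" ;; esac
                for t_p in $t_ports; do
                    case " $ALLOWED_PORTS " in
                        *" $t_p "*) ;;
                        *) t_bad="$t_bad $t_p" ;;
                    esac
                done
                if [ -n "$t_bad" ]; then
                    printf 'bindshell: unexplained port(s):%s\n' "$t_bad"
                fi
                ;;
            *) printf '%s\n' "$t_line" ;;
        esac
    done
}

# Constructed sample input; the bindshell line is the one quoted in the article.
sample_output() {
cat <<'EOF'
Checking `amd'... not found
Checking `ls'... not infected
Checking `bindshell'... INFECTED (PORTS:  465)
EOF
}

findings=$(sample_output | triage)
if [ -n "$findings" ]; then printf 'ATTENTION:\n%s\n' "$findings"; else echo "chkrootkit: nothing unexplained"; fi
```

To use it in the daily job, pipe ./chkrootkit through triage and mail the result alongside the full report, so an unexplained finding stands out from the expected PortSentry line.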
