Security :: Chkrootkit Versus Rootkit Hunter

Jun 8, 2010

I am going through the motions of testing the chkrootkit and rootkit hunter applications on one of our servers. I wanted to get feedback from those who know both as to which of the two is better at 'sniffing' out rootkits. Alternatively, can both be installed without their interfering with the other?

Security :: X Freezing, Rkhunter Warns About Adore Rootkit?

Mar 8, 2010

Something really nasty happened to my Arch Linux just now and I don't know why. I was switching through Xfwm4 themes when suddenly Kate crashed and brought down X with it. I started X back up, and Xfwm got hung up, I had to switch to another VT and run "killall X". I tried replacing xfwm4 with pekwm (but still with xfce4-panel) in .xinitrc, same thing. I deleted all my Xfce config files and tried again. The mouse didn't even move. The keyboard didn't work, not even the keyboard light would come on and I couldn't switch to another VT. I was forced to use the Reset button and hope it wouldn't ruin my hard drive.

It booted up fine, I purged all xfce4-related packages just in case while still in CLI mode, and I ran "xinit /usr/bin/pekwm" and I got into a working GUI. I closed a window and X froze again! The window's close button just stayed pressed after I let go of it! I killed X from another VT. So I installed and ran "rkhunter" from AUR (I wonder why they don't have it in the Arch repos, it's so much better than chkrootkit) and it warned that I might have Adore Rootkit. What should I do? If it helps, I recently installed a few packages from the Arch Linux AUR, including "ooc-git", "ooc-gtksourceview-git", "libpng12", and "virtualbox_bin".

Ubuntu Security :: Best Way To Use Chkrootkit Or Rkhunter

Apr 14, 2010

What is the best method for checking for rootkits? I have heard that it is best not to install and run these programs on the distro itself. Would it be possible to install them on another distro/partition and then use them to check for rootkits on my main partition/distro (Ubuntu)?

Ubuntu Security :: Chkrootkit Log, Compromised Box?

Mar 28, 2011

Looks like my Firefox has been compromised and I have a packet sniffer. Not sure what to do. Should I just delete the suspicious files? Here's the chkrootkit log:

ROOTDIR is `/'
Checking `amd'... not found
Checking `basename'... not infected

[code]....

Security :: Localhost Scans With Rkhunter And Chkrootkit?

Feb 16, 2011

Let's say you have a host with some kind of locally installed root kit detector/scanner.

If someone managed to get root access to that box, wouldn't the first thing to do, before installing a root kit, be to remove any kind of root kit detector?

Ubuntu Security :: Ran A Chkrootkit Scan And Found - Suspicious Files And Directories ?

Aug 1, 2010

I ran a chkrootkit scan and found this: The following suspicious files and directories were found: /usr/lib/pymodules/python2.6/.path /usr/lib/xulrunner-1.9.2.8/.autoreg /usr/lib/firefox 3.6.8/.autoreg /usr/lib/jvm/.java-6-openjdk.jinfo

How do I get rid of this suspicious file?

Security :: Connection Between Traffic Control Rules & Chkrootkit Threat Notifications?

Sep 25, 2010

Two days ago we started to receive the following message:

/etc/cron.daily/chkrootkit:
The following suspicious files and directories were found:
/lib/init/rw/.mdadm /lib/init/rw/.ramfs
/lib/init/rw/.mdadm
INFECTED (PORTS: 4369)
You have 2 process hidden for ps command
chkproc: Warning: Possible LKM Trojan installed

And at about the same time (a day before that) we set up new rules for the queueing disciplines using 'tc' on our Debian lenny box (these rules are for some of the experiments we are carrying out). I have run chkrootkit manually and this message (as above) keeps appearing, while the rkhunter tool does not complain about these items. Could there be a connection between setting up the new qdiscs and the chkrootkit "INFECTED" messages?

Ubuntu Security :: Rkhunter/ Chkrootkit And Exim4 - Installing Progs On Lucid It Comes With Exim4?

May 7, 2010

When installing these progs on Lucid it comes with exim4, I noticed this in the terminal output. What has exim4 to do with rkhunter and/or chkrootkit?

General :: Security Versus Windows Security

Sep 10, 2009

As Linux gains in popularity, (as I believe it will), do you think that Linux will ever become the target of as many virus and worm threats as Windows has faced? If so, do you think that the threats will have much success?

Security :: Kerberos Versus LDAP SSL

Apr 21, 2011

I am integrating my Unix box to the Windows AD using PAM_LDAP and Kerberos enabled. I was wondering, since Kerberos is enabled, is there any point to enable SSL on my LDAP.conf? My understanding is that since Kerberos is enabled, and therefore the username/password is sent securely, there isn't any benefit of enabling SSL on the LDAP.conf? It's one or the other.

Ubuntu Security :: Sudo Versus SU And Superuser Privileges

Jul 19, 2011

So, I'm not quite sure what the difference is? Is it that sudo allows you to "borrow" superuser privileges, whilst su allows you to actually log in as superuser? Also, when I sudo [command] and get prompted for a password, after I input it, things work just fine, but if I su, and then get prompted for a password, I can't log in as superuser... Why is this?

Ubuntu Security :: Reject Versus Drop For Outbound Traffic

Apr 15, 2011

I understand the difference between Reject vs Drop for incoming traffic, but are there any differences between reject and drop for Outbound Traffic? Are there reasons to pick one over the other or are they functionally identical when talking about Outbound traffic?

Ubuntu :: Rkhunter Output - Possible Rootkit ?

Nov 9, 2010

Quote:

Warning: Network TCP port 60922 is being used by /usr/lib/chromium-browser/chromium-browser. Possible rootkit: zaRwT.KiT

Use the 'lsof -i' or 'netstat -an' command to check this.

Got this checking rkhunter logs but running rkhunter shows nothing suspicious, should I be worried?

General :: Rootkit Copy Protection Pose?

Jan 9, 2010

Does rootkit copy protection pose a problem in Linux? I own only one CD with rootkit (XCP), and was wondering if I should avoid playing it on this Linux system. (I know Sony offered to take back the CDs and exchange them for rootkit-free copies, but I never cared to go to the trouble.) (It's not particularly important, because all I have to do is play this CD in my DVD player.)

Ubuntu :: DR Rootkit - Unable To Compile The Source Code

Mar 30, 2011

I am trying to install a DR rootkit into Ubuntu for an assignment. I'm using VMware but can only get as far as extracting the rootkit and not being able to compile the source code. When I use the ./configure command it says there is no such file or directory and when I use the make command it keeps getting errors.

Ubuntu Security :: Ubuntu Sudo Versus Windows 7 User Account Control

Jan 6, 2010

Is Windows 7 UAC basically a user/system control system like sudo?

General :: Install A Rootkit Or Keylogger On The Unix Operating System

Jan 24, 2010

I have a project at university, and I need to install a rootkit or keylogger on the Unix operating system. I have searched over the internet and I have found names of rootkits but I couldn't download or get the source code for the rootkit. Does anyone know where to find a rootkit or keylogger to use?

Fedora :: After Running Chkrootkit I Got Warning / Remove This?

Jul 6, 2011

Suckit rootkit... Warning: /sbin/init INFECTED

How can I remove this, guys? Using Fedora 15 64-bit.

OpenSUSE :: Install Chkrootkit / Rkhunter And Zenmap In 11.2 Kde

Jun 23, 2010

How to install chkrootkit, rkhunter and zenmap in SUSE 11.2 KDE?

Ubuntu Security :: Pubring.gpg Versus Pubring.gpg

Apr 12, 2011

I am following the GnuPG MiniHowTo here: [URL] After running gpg --gen-key, I get these files in my ~/.gnupg directory:

-rw------- 1 luke luke 2232 2011-04-12 10:33 pubring.gpg
-rw------- 1 luke luke 2232 2011-04-12 10:27 pubring.gpg~
-rw------- 1 luke luke 600 2011-04-12 10:27 random_seed
-rw------- 1 luke luke 4890 2011-04-12 10:27 secring.gpg
-rw------- 1 luke luke 1280 2011-04-12 10:33 trustdb.gpg

What is the "pubring.gpg~" file? I cannot find any documentation on it anywhere. Also, according to all the documentation I read, the result of the gpg --gen-key command should result in a "pubring.gpg.lock" file, but as you can see, this doesn't happen for me.

General :: GUI Versus RPM And APT

Apr 6, 2010

Why should I concern myself only with a graphical front end rather than learning APT or RPM? Or are those really, really hard to learn?

Fedora :: PolicyKit - F12 Versus F11

Dec 30, 2009

In F11 to run PolicyKit I entered the following at the command line.

polkit-gnome-authorization

In F12 this doesn't work. I get an error message "command not found"

How do I access PolicyKit in Fedora 12?

Ubuntu Multimedia :: K3B : Rip To Mp3 Versus Ogg?

Dec 19, 2010

I'm on Ubuntu 10.10

I was using K3B the other day and could not find an option to rip a CD to mp3 files instead of ogg. How can I do this?

Ubuntu Installation :: 64 Bit Versus 32 Bit

Jun 15, 2011

I just built a computer with a MSI 760GM-E51 Motherboard, AMD Phenom II 955 CPU and 4 GB memory (2 x 2 GB G.Skill DDR3-1333 PC3-10666). I first installed 10.04 LTS 64bit. But I think I am going to go to 11.04. I am just looking for a vote: would you install 32 or 64 bit? I am not a real power user, biggest thing I would do would be video editing. If I am going to play resource demanding games, I would probably boot into XP.

Red Hat :: Difference Between RAID Versus LVM

May 22, 2011

What is the difference between RAID versus LVM?

Fedora :: Gnome Versus KDE Applications

May 31, 2010

I installed Fedora 13 and use the Gnome desktop. I want to keep my installation as clean as possible and have heard some contrary advice about installing both Gnome and KDE desktops, so I want to stay with just Gnome. In the past I have mixed both and feel that resulted in tons of packages that I probably didn't need and tons of updates all the time. However, some applications seem to be KDE applications and installing them requires installation of many KDE packages. This is a source of confusion for me:

Is there a distinction between Gnome applications and KDE applications? If so, how do you tell the difference? Should one NOT install KDE applications if you are using the Gnome desktop and not interested in installing KDE desktop? Is there a best practice on how to approach which software to install so that you do not create a mix and match mess?

OpenSUSE :: FreeNX On 11 Versus 11.1 - What's The Difference

Jan 13, 2011

I have a script that basically adds a zypper repo, then proceeds to install and configure FreeNX. To add the repo:

Code:

zypper addrepo Index of /repositories/X11:/RemoteDesktop/openSUSE_11.1 RemoteDesktop

To install FreeNX & its relevant dependencies:

Code:

zypper install FreeNX

To setup and configure FreeNX:

Code:

nxsetup --install --setup-nomachine-key --clean --purge
sed -i 's/AllowUsers idcuser/AllowUsers idcuser nx/' /etc/ssh/sshd_config
service sshd reload

[code]....

After completing these steps on version 11, I can immediately open the FreeNX client (Windows 7), and connect. On 11.1, at the very end of the FreeNX connect, just after "Dowloading the session information", I get:

Code:

NX> 105 startsession --link="lan" --backingstore="1" --encryption="1" --cache="16M" --images="64M" --shmem="1" --shpix="1" --strict="0" --composite="1" --media="0" --session="170.224.164.19" --type="unix-gnome" --geometry="1274x956" --client="winnt" --keyboard="pc102/en_US" --screeninfo="1274x956x16+render"

Permission denied (publickey,keyboard-interactive).
NX> 280 Exiting on signal: 15

I've googled this to death, and tried a bunch of random changes to both ssh and nxserver, but I can't seem to get rid of it. What might have changed from 11 to 11.1 that could cause this behavior change? The NXserver seems to be configured and running identically on both systems.

Ubuntu Multimedia :: ATI Versus Nvidia

Jul 18, 2010

Are there big disadvantages to building a computer around a motherboard with ATI Radeon graphics instead of Nvidia? I am using an AMD CPU to save money, but all the motherboards AMD recommends use ATI. I have always used Nvidia in the past, and am not sure what the current state of ATI Linux drivers is. I know I would be giving up VDPAU acceleration for video playback, but hopefully the Athlon II X4 635 processor I am looking at has enough horsepower to handle this on its own, even for high-def h264.

Ubuntu :: Dvdr/rw Versus Usb Drive

Nov 20, 2010

With the problems I seem to be having I was wondering about data integrity of an optical disc vs a USB drive. How about transfer speed? I assume you can format a USB drive as ext4. I am beginning to wonder why I put 2 new dvdr/rws in my new computer. Is an external hard drive the best solution for backing up files?

General :: Bash Versus Pinyin ?

Aug 23, 2010

I am trying my hand at Bash scripting. I have a file with lots of pinyin, which is the romanized version of Chinese characters and words. A typical entry looks like this,

"7 shuo1 to speak"

Seven is the number of the entry, shuo is the pinyin, 1 is the tone mark and is the Chinese character.

What I would like to do is change the format so that it looks more like this:

7 shuo 1

Each field needs to be re-assigned to a variable in an array and then printed to the screen and saved to a file in the same order it was input. This is to prepare the data for another project I am working on in imagemagick.

I have spent all day looking at Linux man pages and have very little to show for my efforts. What is the best way to approach this? grep, awk, sed...?

Copyrights 2005-15 www.BigResource.com, All rights reserved