Security :: Chkrootkit Versus Rootkit Hunter
Jun 8, 2010
I am going through the motions of testing the chkrootkit and Rootkit Hunter applications on one of our servers. I wanted to get feedback from those who know both as to which of the two is better at 'sniffing' out rootkits. Alternatively, can both be installed without their interfering with each other?
Mar 8, 2010
Something really nasty happened to my Arch Linux just now and I don't know why. I was switching through Xfwm4 themes when suddenly Kate crashed and brought down X with it. I started X back up, and Xfwm got hung up, I had to switch to another VT and run "killall X". I tried replacing xfwm4 with pekwm (but still with xfce4-panel) in .xinitrc, same thing. I deleted all my Xfce config files and tried again. The mouse didn't even move. The keyboard didn't work, not even the keyboard light would come on and I couldn't switch to another VT. I was forced to use the Reset button and hope it wouldn't ruin my hard drive.
It booted up fine, I purged all xfce4-related packages just in case while still in CLI mode, and I ran "xinit /usr/bin/pekwm" and got into a working GUI. I closed a window and X froze again! The window's close button just stayed pressed after I let go of it! I killed X from another VT. So I installed and ran "rkhunter" from AUR (I wonder why they don't have it in the Arch repos, it's so much better than chkrootkit) and it warned that I might have Adore Rootkit. What should I do? If it helps, I recently installed a few packages from the Arch Linux AUR, including "ooc-git", "ooc-gtksourceview-git", "libpng12", and "virtualbox_bin".
Apr 14, 2010
What is the best method for checking for rootkits? I have heard that it is best not to install and run these programs on the distro itself. Would it be possible to install them on another distro/partition and then use them to check for rootkits on my main partition/distro (Ubuntu)?
Mar 28, 2011
Looks like my Firefox has been compromised and I have a packet sniffer. Not sure what to do. Should I just delete the suspicious files? Here's the chkrootkit log:
ROOTDIR is `/'
Checking `amd'... not found
Checking `basename'... not infected
[code]....
Feb 16, 2011
Let's say you have a host with some kind of locally installed root kit detector/scanner.
If someone managed to get root access to that box, wouldn't the first thing to do, before installing a root kit, be to remove any kind of root kit detector?
Aug 1, 2010
I ran a chkrootkit scan and found this:
The following suspicious files and directories were found:
/usr/lib/pymodules/python2.6/.path
/usr/lib/xulrunner-1.9.2.8/.autoreg
/usr/lib/firefox 3.6.8/.autoreg
/usr/lib/jvm/.java-6-openjdk.jinfo
How do I get rid of these suspicious files?
Sep 25, 2010
Two days ago we started to receive the following message:
/etc/cron.daily/chkrootkit:
The following suspicious files and directories were found:
/lib/init/rw/.mdadm /lib/init/rw/.ramfs
/lib/init/rw/.mdadm
INFECTED (PORTS: 4369)
You have 2 process hidden for ps command
chkproc: Warning: Possible LKM Trojan installed
And at about the same time (a day before that) we set up new rules for the queueing disciplines using 'tc' on our Debian lenny box (these rules are for some of the experiments we are carrying out). I have run chkrootkit manually and this message (as above) keeps appearing, while the rkhunter tool does not complain about these items. Could there be a connection between setting up the new qdiscs and the chkrootkit "INFECTED" messages?
May 7, 2010
When installing these progs on Lucid, exim4 comes with them; I noticed this in the terminal output. What has exim4 to do with rkhunter and/or chkrootkit?
Sep 10, 2009
As Linux gains in popularity, (as I believe it will), do you think that Linux will ever become the target of as many virus and worm threats as Windows has faced? If so, do you think that the threats will have much success?
Apr 21, 2011
I am integrating my Unix box into the Windows AD using PAM_LDAP with Kerberos enabled. I was wondering, since Kerberos is enabled, is there any point in enabling SSL in my LDAP.conf? My understanding is that since Kerberos is enabled, and therefore the username/password is sent securely, there isn't any benefit to enabling SSL in the LDAP.conf? It's one or the other.
Jul 19, 2011
So, I'm not quite sure what the difference is. Is it that sudo allows you to "borrow" superuser privileges, whilst su allows you to actually log in as superuser? Also, when I sudo [command] and get prompted for a password, after I input it things work just fine, but if I su and then get prompted for a password, I can't log in as superuser... Why is this?
Apr 15, 2011
I understand the difference between Reject vs Drop for incoming traffic, but are there any differences between reject and drop for Outbound Traffic? Are there reasons to pick one over the other or are they functionally identical when talking about Outbound traffic?
Nov 9, 2010
Quote:
Warning: Network TCP port 60922 is being used by /usr/lib/chromium-browser/chromium-browser. Possible rootkit: zaRwT.KiT
Use the 'lsof -i' or 'netstat -an' command to check this.
Got this checking the rkhunter logs, but running rkhunter shows nothing suspicious; should I be worried?
Jan 9, 2010
Does rootkit copy protection pose a problem in Linux? I own only one CD with rootkit (XCP), and was wondering if I should avoid playing it on this Linux system. (I know Sony offered to take back the CDs and exchange them for rootkit-free copies, but I never cared to go to the trouble.) (It's not particularly important, because all I have to do is play this CD in my DVD player.)
Mar 30, 2011
I am trying to install a DR rootkit into Ubuntu for an assignment. I'm using VMware but can only get as far as extracting the rootkit and am not able to compile the source code. When I use the ./configure command it says there is no such file or directory, and when I use the make command it keeps getting errors.
Jan 6, 2010
Is Windows 7 UAC basically a user/system control system like sudo?
Jan 24, 2010
I have a project at university, and I need to install a rootkit or keylogger on the Unix operating system. I have searched over the internet and I have found names of rootkits, but I couldn't download or get the source code for the rootkit. Does anyone know where to find a rootkit or keylogger to use?
Jul 6, 2011
Suckit rootkit... Warning: /sbin/init INFECTED
How can I remove this, guys? Using Fedora 15 64-bit.
Jun 23, 2010
How do I install chkrootkit, rkhunter and zenmap in SUSE 11.2 KDE?
Apr 12, 2011
I am following the GnuPG MiniHowTo here: [URL] After running gpg --gen-key, I get these files in my ~/.gnupg directory:
-rw------- 1 luke luke 2232 2011-04-12 10:33 pubring.gpg
-rw------- 1 luke luke 2232 2011-04-12 10:27 pubring.gpg~
-rw------- 1 luke luke 600 2011-04-12 10:27 random_seed
-rw------- 1 luke luke 4890 2011-04-12 10:27 secring.gpg
-rw------- 1 luke luke 1280 2011-04-12 10:33 trustdb.gpg
What is the "pubring.gpg~" file? I cannot find any documentation on it anywhere. Also, according to all the documentation I read, the gpg --gen-key command should result in a "pubring.gpg.lock" file, but as you can see, this doesn't happen for me.
Apr 6, 2010
Why should I concern myself only with a graphical front end rather than learning APT or RPM? Or are those really, really hard to learn?
Dec 30, 2009
In F11, to run PolicyKit I entered the following at the command line:
polkit-gnome-authorization
In F12 this doesn't work. I get an error message "command not found".
How do I access PolicyKit in Fedora 12?
Dec 19, 2010
I'm on Ubuntu 10.10.
I was using K3B the other day and could not find an option to rip a CD to mp3 files instead of ogg. How can I do this?
Jun 15, 2011
I just built a computer with an MSI 760GM-E51 motherboard, AMD Phenom II 955 CPU and 4 GB memory (2 x 2 GB G.Skill DDR3-1333 PC3-10666). I first installed 10.04 LTS 64-bit, but I think I am going to go to 11.04. I am just looking for a vote: would you install 32 or 64 bit? I am not a real power user; the biggest thing I would do would be video editing. If I am going to play resource-demanding games, I would probably boot into XP.
May 22, 2011
What is the difference between RAID versus LVM?
May 31, 2010
I installed Fedora 13 and use the Gnome desktop. I want to keep my installation as clean as possible and have heard some contrary advice about installing both Gnome and KDE desktops, so I want to stay with just Gnome. In the past I have mixed both and feel that resulted in tons of packages that I probably didn't need and tons of updates all the time. However, some applications seem to be KDE applications and installing them requires installation of many KDE packages. This is a source of confusion for me:
Is there a distinction between Gnome applications and KDE applications? If so, how do you tell the difference? Should one NOT install KDE applications if you are using the Gnome desktop and not interested in installing KDE desktop? Is there a best practice on how to approach which software to install so that you do not create a mix and match mess?
Jan 13, 2011
I have a script that basically adds a zypper repo, then proceeds to install and configure FreeNX. To add the repo:
Code:
zypper addrepo Index of /repositories/X11:/RemoteDesktop/openSUSE_11.1 RemoteDesktop
To install FreeNX and its relevant dependencies:
Code:
zypper install FreeNX
To setup and configure FreeNX:
Code:
nxsetup --install --setup-nomachine-key --clean --purge
sed -i 's/AllowUsers idcuser/AllowUsers idcuser nx/' /etc/ssh/sshd_config
service sshd reload
[code]....
After completing these steps on version 11, I can immediately open the FreeNX client (Windows 7) and connect. On 11.1, at the very end of the FreeNX connect, just after "Dowloading the session information", I get:
Code:
NX> 105 startsession --link="lan" --backingstore="1" --encryption="1" --cache="16M" --images="64M" --shmem="1" --shpix="1" --strict="0" --composite="1" --media="0" --session="170.224.164.19" --type="unix-gnome" --geometry="1274x956" --client="winnt" --keyboard="pc102/en_US" --screeninfo="1274x956x16+render"
Permission denied (publickey,keyboard-interactive).
NX> 280 Exiting on signal: 15
I've googled this to death, and tried a bunch of random changes to both ssh and nxserver, but I can't seem to get rid of it. What might have changed from 11 to 11.1 that could cause this behavior change? The NX server seems to be configured and running identically on both systems.
Jul 18, 2010
Are there big disadvantages to building a computer around a motherboard with ATI Radeon graphics instead of Nvidia? I am using an AMD CPU to save money, but all the motherboards AMD recommends use ATI. I have always used Nvidia in the past, and am not sure what the current state of ATI Linux drivers is. I know I would be giving up VDPAU acceleration for video playback, but hopefully the Athlon II X4 635 processor I am looking at has enough horsepower to handle this on its own, even for high-def h264.
Nov 20, 2010
With the problems I seem to be having, I was wondering about the data integrity of an optical disc vs a USB drive. How about transfer speed? I assume you can format a USB drive as ext4. I am beginning to wonder why I put 2 new DVD-R/RWs in my new computer. Is an external hard drive the best solution for backing up files?
Aug 23, 2010
I am trying my hand at Bash scripting. I have a file with lots of pinyin, which is the romanized version of Chinese characters and words. A typical entry looks like this:
"7 shuo1 to speak"
Seven is the number of the entry, shuo is the pinyin, 1 is the tone mark, and is the Chinese character.
What I would like to do is change the format so that it looks more like this:
7 shuo 1
Each field needs to be re-assigned to a variable in an array and then printed to the screen and saved to a file in the same order it was input. This is to prepare the data for another project I am working on in imagemagick.
I have spent all day looking at Linux man pages and have very little to show for my efforts. What is the best way to approach this? grep, awk, sed...?