Ubuntu Security :: Way To Scan For Rootkits?

Jul 24, 2011

I've read that there are a lot of rootkits that exist for linux. MS Windows has tools where you can boot a "portable" scanner from a CD and scan your whole Windows installation for rootkits. This way you can even scan boot sectors because you are never actually starting your installed Windows.

Is there anything available like this for Ubuntu? Is there a scanner I can run off the LIVE CD for example to scan my ubuntu installation for rootkits?


Fedora Security :: Attack Sneaks Rootkits Into Kernel

May 7, 2009

Attack Sneaks Rootkits Into Linux Kernel

Quote: A researcher at Black Hat Europe this week will demonstrate a more stealthy way to hack Linux

Apr 14, 2009 | 04:21 PM
By Kelly Jackson Higgins
DarkReading

Kernel rootkits are tough enough to detect, but a researcher this week has demonstrated an even sneakier method of hacking Linux. The attack exploits an oft-forgotten function in Linux versions 2.4 and above in order to quietly insert a rootkit into the operating system kernel as a way to hide malware processes, hijack system calls, and open remote backdoors into the machine, for instance. At Black Hat Europe this week in Amsterdam, Anthony Lineberry, senior software engineer for Flexilis, will demonstrate how to hack the Linux kernel by exploiting the driver interface to physically addressable memory in Linux, called /dev/mem.

"One of bonuses of this [approach] is that most kernel module rootkits make a lot noise when they are inserting [the code]. This one is directly manipulating" the memory, so it's less noticeable, he says. The /dev/mem "device" can be opened like a file, and you can read and write to it like a text file, Lineberry says. It's normally used for debugging the kernel, for instance.

Lineberry has developed a proof-of-concept attack that reads and writes to kernel memory as well as stores code inside the kernel, and he plans to release a framework at Black Hat that lets you use /dev/mem to "implement rootkit-like behaviors," he says. The idea of abusing /dev/mem to hack the Linux kernel is not really new, he says. "People have known what you can do with these /dev/mem devices, but I have never seen any rootkits with dev/mem before," he says.

Quote: "The problem with kernel-based rootkits is that the rootkit can mitigate [detection] because it has control," he says. "It's a race in the kernel to see who's going to see who first." [URL]

Ubuntu Security :: Virus Found During Scan?

Jul 4, 2010

I'm quite new to Ubuntu and I am running Ubuntu Studio 10.04. I have just installed KlamAV and had it scan my computer. I was surprised to find that it had found two 'viruses'. I don't know if anyone can help me in finding out if they are real or only false positives. The following is the output that I received.

Name of File: /usr/src/fglrx-8.723.1/libfglrx_ip.a.GCC3 and GCC4
Name of Problem: Heuristics.Broken.Executable
Status: Loose

Does anyone know if this is a problem?

Ubuntu Security :: Scan 'only' USB Stick For Virus In 10.10

Dec 7, 2010

I have Avast Antivirus installed in Ubuntu 10.10. There are options to select folders to scan from: 1. Home Directory, 2. Entire system and 3. Selected folders. What are the options available to scan only a selected drive? Or how do I scan only a USB stick?

Ubuntu Security :: Understanding ClamTK Scan Results

Apr 10, 2010

I've installed ClamTK on my Kubuntu 9.10 installation, since it's connected to a Windows7 machine. When I ran a scan, it found 9 'viruses', but they are all within my home directory > Opera/mail/store and are either status Phishing.Heuristics.Email.SpoofedDomain OR HTML.Phishing.Bank-593. I recently synced my Hotmail into Opera, so I checked the corresponding dates in my Hotmail account and deleted the emails which I thought were related, however, after clearing down my Opera history, etc., re-booting my PC and re-scanning, the results are the same. How do I clear down these files?

Ubuntu Security :: 10.04 - Scan Windows Partition For Virus?

May 12, 2010

I'm dual booting 10.04 with windows 7 and it occurs to me that I could scan the windows partition for viruses FROM linux. Is anybody doing this sort of thing? Does that make any sense?

Ubuntu Security :: Use Clamtk To Scan Flash Disk?

May 18, 2011

I use clamtk to scan flash disk. It says the engine is out of date. What do I do to update it?

Ubuntu Security :: Clamav Scan Results And Out Of Date?

May 29, 2011

I am a newbie in Ubuntu. I did clamscan on my Ubuntu /, and I got the result message as follows. It shows "486 errors". I am wondering if the result is OK or I need to do some action on it.

Known viruses: 968595
Engine version: 0.96.5
Scanned directories: 28067
Scanned files: 131696
Infected files: 0
Total errors: 486
Data scanned: 9020.40 MB
Data read: 17800.31 MB (ratio 0.51:1)
Time: 1349.479 sec (22 m 29 s)

Also, my engine is 0.96.5. The latest version is 0.97. But "aptitude upgrade" cannot upgrade the engine to 0.97. I understand 0.97 is still in testing. I am wondering if I can just stay with 0.96.5 and wait for 0.97 to pass all tests. If so, does it cause any security issue?

Ubuntu Security :: Automatically Run Virus Scan When Insert USB Pen Drive

Jan 2, 2010

I use my Ubuntu laptop at work and connect a lot of USB pen drives to my computer. Everyone else I work with uses Windows and I want to make sure that the USB pen drives don't contain any Windows viruses so I don't spread them. The best way for this to be done would be to have the USB pen drives automatically scanned when they are inserted in my Ubuntu machine. How to do this?

Ubuntu Security :: Virus Scan Of Files To Send Onto Windows

Jan 31, 2010

I know that there is little need for me to install an anti-virus etc - but - I was thinking, it is a good idea to scan folders and files that I send to colleagues that run Windows. What's the best way and programme to do this? I guess I simply install an AV programme and that's it!

Ubuntu Security :: Free Outside Vulnerability Scan That Works With Server

Feb 11, 2010

Is there a free online vulnerability scanner where either I can give them the IP address to scan or can be initiated from the console command, tool, or text based browser. I use GRC's Shields Up when I have a GUI, but I want a scan ran on my website that runs Ubuntu 8.04 server on a hosted VPS.

Ubuntu Security :: Innocent Website Tries To 'scan' Computer / Should I Get Protection?

May 6, 2010

So I forgot how to do something in Compiz and I quickly Googled it to find the answer. On the first or second link I clicked, a pop-up box opened from Firefox saying that I should scan my computer. Immediately, I pressed the X button, but a page started to load that tried to "scan" my computer. I closed out Firefox and re-opened it. I did the exact same search again on Google, but I clicked on the cached view of the site. It was harmless enough--a blog with some ads on the side of the page. I'm assuming that it was one of the ads that somehow must have taken over the page.

Anyway, I know that the discussion of anti-virus programs is not anything new, but I would like to know if this virus may have affected Ubuntu. What would you guys recommend in this case? Also, after running the update manager, I received a pop-up box asking if I would like to update Grub. Is this a normal part of the update, or could it be a virus? I'm a bit paranoid, being from the land of Windows.

Ubuntu Security :: Scan Windows Computer From Laptop Via Network?

Aug 30, 2010

How do I scan a Windows computer from my Ubuntu laptop via the network? I have Ubuntu 10.04 on my laptop. First Windows computer to scan has Windows XP Home Edition. Second Windows computer to scan has Windows Vista Home Basic. I have Avast 4 workstation and KlamAV installed on it. What are the steps to make my computer scan those Windows computers? And how do I set up my firewall to work with Firefox and Empathy?

Ubuntu Security :: Exclude Folders From ClamAV Scheduled Scan?

Feb 22, 2011

I have network shares automounted in /media and I want to exclude them from my automatic scheduled ClamAV scan in Maverick. How do I do this? I can't find any CRON link or script that actually starts the scan. Is it the Daemon that does this?

Ubuntu Security :: Ran A Chkrootkit Scan And Found - Suspicious Files And Directories?

Aug 1, 2010

I ran a chkrootkit scan and found this: The following suspicious files and directories were found: /usr/lib/pymodules/python2.6/.path /usr/lib/xulrunner-1.9.2.8/.autoreg /usr/lib/firefox 3.6.8/.autoreg /usr/lib/jvm/.java-6-openjdk.jinfo

How do I get rid of this suspicious file?

Fedora Security :: CLAM AV - What Is The Console Command To Scan

Nov 12, 2009

I installed CLAM AV and also the GUI (CLAMTK).

1). What is the console command to scan all of Fedora, not just a specific directory, but the entire computer?

2). Even though I have consulted the CLAM AV site on how to update to the latest virus signature database, I either don't understand what they are telling me to do, or I am not "getting" how to do it.

Security :: Credentialed Foundstone Scan Against RHEL5.5 Won't Connect

Oct 27, 2010

Our org uses Foundstone. I gave them a wheel user and verified connectivity with putty from their server to my RH box. Foundstone never makes it in and I don't see anything from faillog, sshd logs, etc.

Security :: Any Good Comparison Software To Scan Files?

Apr 23, 2011

I had a hack on my oscommerce website recently. I have put in the relevant security patches but I need to check whether the hacker left any code changes in my files. What is a good file comparison software for Linux? I need it to scan through the current files and folders and compare them to the original default oscommerce installation so I can check the code.

Ubuntu Security :: Virus Scanner To Scan Some Removable Media (USB Drives, Mp3 Players, Etc)?

Jan 19, 2010

I'm looking for a virus scanner to scan some removable media (USB drives, mp3 players, etc). Since there's so many choices to choose from, can anyone recommend any?

I've heard a lot of people recommending clam av, but everything I've read suggests that clam av is better used for scanning e-mail servers and not home desktop application...

Fedora Security :: How To Determine What Type Of Files Clamav Can Scan

Dec 7, 2009

How to determine what type of files clamav can scan? For example, if there is no unrar installed it can't scan files in it. So is there any way to find out all types of files that clamav can't scan?

CentOS 5 :: Install Anti Virus / Security Package On Server Uses Cron Jobs To Do Scan Every 12 Hours

Feb 27, 2011

I have a CentOS dedicated server, not sure what version though as I'm new to Linux. How do I find out what version I have? Is there an anti-virus or security package that I can install on my server which can use cron jobs to do a scan every 12 hours?

Debian :: Eeepc Wifi - Every Time Scan For Network Using Iwconfig Wlan0 Scan Or Wicd And Computer Completely Freezes

Jan 9, 2011

I installed squeeze on my eeepc 1015ped and downloaded the correct firmware-brcm80211 drivers but every time I scan for my network using iwconfig wlan0 scan or wicd, my computer completely freezes. I previously had a solid install running xmonad, and wicd was working like a charm (using the same broadcom driver) but I tinkered too much with it and decided to do a fresh install. I haven't quite run into a problem like this before.

Ubuntu Security :: Difference In The Output Of A Port Scan Using Zenmap On The Same System With UFW Turned Off And Then With It Turned On

Feb 16, 2010

This is the difference in the output of a port scan using Zenmap on the same system with UFW turned off and then with it turned on. It is obvious that UFW works.

Ubuntu :: Memory Scan On CD?

Oct 22, 2010

One of the things I found really handy about the Live Ubuntu CDs is they had the option to run a memory scan on the computer. As the head of an IT department of one person in charge of maintaining 60 computers, that capability has helped me more than twice.

I think the options when running off CD/USB were Install Ubuntu, Test Ubuntu, run a memory scan, or boot off the harddrive. However, starting with Lucid and continuing with Maverick, the only options on the Live CD/USB seem to be install or try (although the memory scan is available on my Grub menu after Ubuntu is installed, unfortunately, most of the computers I am responsible for at work are Windows only).

Is there a way to start the memory scan when running a Live Lucid or Maverick CD/USB?

Ubuntu :: AV To Scan Windows?

Jun 3, 2011

Is there an AV I can use to scan my Windows partition to find any bugs/backdoors or viruses? I know there is a backdoor somewhere, and Comodo isn't picking it up so I am refusing to boot from my Windows 7 right now. My password information keeps getting changed and websites and emails are alerting me that someone has access to them and is trying to promote spam.

Ubuntu :: Can't Scan As A User?

Jun 4, 2011

I have just installed 11.04 (64-bit) and I cannot scan as a user. Scanning as root works fine. My device is a Brother MFC-7420. I've installed the brscan2-0.2.5-1.amd64.deb package from the brother page. After installing this, I can run xsane as root and scan perfectly.

I could not find any instructions for enabling this as a user on 11.04, so I followed the instructions for 10.04 at [URL]...n1c.html#u9.10 and added the following between libsane_usb_rules_begin and libsane_usb_rules_end

Code:
# Brother scanners
ATTRS{idVendor}=="04f9", ENV{libsane_matched}="yes"

I then restarted udev, turned my device off and on again and tried to run xsane. I get the following error:

Code:
"Failed to open dvice `brother2:bus3;dev1': Invalid argument

I looked at what the rules were trying to do when libsane_matched is set to yes, and found that setfacl was not installed on my box. I installed this and changed the line to read

[Code]...

Ubuntu :: Can't Scan For Networks

Sep 1, 2011

I updated to KDE 4.7 today with MUCH trouble. Muon hung towards the end of the upgrade at 100%, so I had to force quit with "sudo ksysguard". It refused to boot into the desktop, so I had to complete the upgrade from the terminal/safe mode. When it finished I could not get my wireless to work. My drivers are installed properly and I have tried toggling the wireless switch, much to my dismay, but nothing seems to work. I can't scan for networks and the network-manager app just reports "WLAN Interface: Error: Invalid state"

Ubuntu :: Can't Scan In 9.04 / No Device Is Found

Jan 26, 2010

I just bought an HP 6500 wireless printer, and after taking 5 minutes to set it up (amazing how easy it is to get hardware working that's supported by Linux) I was happily printing... But I haven't managed to get it to scan from my desktop PC running 9.04. It tells me no device is found. I added the printer to a laptop running 9.10, and it scanned perfectly straight away...

I've been through the Ubuntu help documentation and haven't found a solution. I think that maybe Turbo Print (for our old Canon printer) might have messed something up. I had to uninstall Turbo Print to get the printer to work (it hijacked Ubuntu's built in printing stuff).

Ubuntu :: Scan From Command Line?

Feb 17, 2010

I have a Deskjet F2400 series and want to scan a document to a file from the command line without having the HP Device Manager being invoked.

Ubuntu :: How To Scan And Send Documents

Apr 8, 2010

I have an HP Photosmart C4340 combine printer. I need to scan documents and send them via email with a preview page, meaning a page where I write to who the document needs to arrive. How can I do this?

Copyrights 2005-15 www.BigResource.com, All rights reserved