Saturday, February 9, 2013

CHKRootKit –Detects hacker software and notifies via email

Please keep in mind that, you can use chkrootkit to find the files and processes associated with a rootkit, but you can’t be 100% sure that all pieces of rootkits are found and removed. You can safeguard your system from rootkits by ensuring that all applications and softwares are up-to-date and the system kept patched against all known vulnerabilities.

cd /usr/local/src
wget https://dl.dropbox.com/s/4rmbi1dmifn4si2/chkrootkit.tar.gz
wget ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz
tar -xvzf chkrootkit.tar.gz
cd chkrootkit-*/
make sense
./chkrootkit
cd ..
echo "CHRootKit has been installed!"

Enable Automatic Server Scanning

You can add a cron entry for running chkrootkit automatically and send a scan report to your mail address. Create and add the following entries to “/etc/cron.daily/chkrootkit.sh”

#!/bin/sh
(
/usr/local/chkrootkit/chkrootkit
) | /bin/mail -s ‘CHROOTKIT Daily Run (ServerName)’ your@email.com

No comments:

Post a Comment