chkrootkit

  #1  
Old 08-03-2004, 02:27 PM
Luciano Luciano is offline
Junior Guru Wannabe
 
Join Date: May 2004
Posts: 42

chkrootkit


hi,

I ran "chkrootkit" on one of my servers, because this machine seems to be hacked, and the resulting report is not too clear.

Does anyone know of other software to find possible rootkits or infected binary files?

Thank you very much.



  #2  
Old 08-03-2004, 02:36 PM
runesolutions runesolutions is offline
Aspiring Evangelist
 
Join Date: Apr 2002
Location: UK
Posts: 429
You could try rkhunter.

__________________
Regards, Gordon.
Rune Solutions: Fast, Efficient Remote Backup Service.

  #3  
Old 08-03-2004, 02:52 PM
mainarea mainarea is offline
Been around for too long...
 
Join Date: Aug 2002
Location: DC
Posts: 3,636
Re: chkrootkit

Quote:
Originally posted by Luciano
hi,

I ran "chkrootkit" on one of my servers, because this machine seems to be hacked, and the resulting report is not too clear.

Does anyone know of other software to find possible rootkits or infected binary files?

Thank you very much.
What is the output of chkrootkit?

- Matt

  #4  
Old 08-03-2004, 02:56 PM
pmabraham pmabraham is offline
Web Hosting Master
 
Join Date: Dec 2001
Posts: 5,221
Greetings:

INFECTED, not infected, what's not too clear?

Though of note, cpanel will report port 465 infected when it is not.

http://www.rootkit.nl/ will probably have similar, technical, output.

Thank you.

__________________
---
Peter M. Abraham
LinkedIn Profile


  #5  
Old 08-03-2004, 03:26 PM
rsferreira rsferreira is offline
Web Hosting Guru
 
Join Date: Mar 2003
Location: Rio de Janeiro - Brazil
Posts: 291
Quote:
Originally posted by dynamicnet
INFECTED, not infected, what's not too clear?
LOL. Pretty clear to me

  #6  
Old 08-03-2004, 03:39 PM
swei swei is offline
Web Hosting Master
 
Join Date: Dec 2001
Location: NYC
Posts: 1,902
Paste the output if you are unsure what it says.

  #7  
Old 08-03-2004, 05:57 PM
eth00 eth00 is offline
Web Hosting Master
 
Join Date: Apr 2003
Location: NC
Posts: 2,938
When in doubt you can also almost always google what is infected and find information. If you post it here we can help as well.

__________________
John W
www.eth0.us

  #8  
Old 08-03-2004, 06:02 PM
bidhata bidhata is offline
Junior Guru Wannabe
 
Join Date: May 2004
Location: India
Posts: 91
Some cPanel scripts and some Perl modules generate error messages in chkrootkit. rkhunter is better than that. Try using that.

__________________
Helpdesk : Sir, you need to add 10GB space to your HD , Customer : Could you please tell where I can download that?

  #9  
Old 08-04-2004, 01:14 PM
Luciano Luciano is offline
Junior Guru Wannabe
 
Join Date: May 2004
Posts: 42
After running "./chkrootkit -p binarypath report"

it detects:

XX hidden process on Ps command
XX hidden process showdir (ls)
XX possible lkm installed

The problem is that these alerts disappear after rebooting the server. I was reading about that, and I noticed (http://www.chkrootkit.org) that this is because of "proc" activity. I'm running ENSIM Pro over RedHat Enterprise, and as you know, there are too many "short" processes being written to this directory.

That's why I want to run other software, to avoid false positives.

Do you know another one?


Last edited by anon-e-mouse; 08-04-2004 at 05:24 PM.
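
The false positive described in the post above comes from comparing a /proc listing with ps output taken at a slightly different moment, so a process that starts or exits in between looks "hidden". The following is an added example, not part of the thread and not chkrootkit's own code; it repeats that comparison several times and reports only the PIDs that are missing from ps in every sample. The function names, the sample count and the interval are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): keep only /proc-vs-ps mismatches
# that persist across several samples.

# PIDs that ps reports, one per line.
ps_pids() { ps -e -o pid= | tr -d ' '; }

# Numeric directory names under /proc, one per line.
proc_pids() {
    for d in /proc/[0-9]*; do
        if [ -d "$d" ]; then echo "${d#/proc/}"; fi
    done
}

# diff_hidden PROC_LIST PS_LIST: PIDs listed in /proc but absent from ps.
diff_hidden() {
    printf '%s\n---\n%s\n' "$2" "$1" | awk '
        $0 == "---"   { second = 1; next }
        $0 == ""      { next }
        !second       { seen[$0] = 1; next }
        !($0 in seen) { print }'
}

# persistent SNAPSHOT...: PIDs that appear in every snapshot.
persistent() {
    n=$#
    for s in "$@"; do printf '%s\n' "$s" | sort -u; done |
        awk -v n="$n" '$0 != "" { c[$0]++ }
            END { for (p in c) if (c[p] == n) print p }' | sort -n
}

# Three samples, two seconds apart (interval and count are assumptions).
# The subshell that lists /proc is itself a short-lived PID, so a single
# sample can contain mismatches that the persistence filter drops.
scan() {
    a=$(diff_hidden "$(proc_pids)" "$(ps_pids)"); sleep 2
    b=$(diff_hidden "$(proc_pids)" "$(ps_pids)"); sleep 2
    c=$(diff_hidden "$(proc_pids)" "$(ps_pids)")
    persistent "$a" "$b" "$c"
}

if [ "${1:-}" = "--scan" ]; then scan; fi
```

Run with `--scan` as root; an empty result means every mismatch was transient, while a PID that survives all three samples is worth examining with known-good binaries.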
  #10  
Old 08-04-2004, 01:28 PM
eth00 eth00 is offline
Web Hosting Master
 
Join Date: Apr 2003
Location: NC
Posts: 2,938
Quote:
Originally posted by disoft
You could try rkhunter.
As posted above rkhunter is what most people use with/instead of chkrootkit.

__________________
John W
www.eth0.us

  #11  
Old 08-04-2004, 01:34 PM
twhiting9275 twhiting9275 is offline
Just me
 
Join Date: Sep 2002
Location: Among the corn
Posts: 10,414
ditto for rkhunter, it's 100x better than chkrootkit, it checks binaries against md5, it checks various other stuff, crap that chkrootkit just forgets about.

As far as the output, how hard is it (really) to comprehend INFECTED/NOT INFECTED ? Admittedly 465 on a cpanel server (or most servers) will always show up as "infected", but the rest shouldn't at all.

If you get "INFECTED", then google it, it's your best bet.
