Results 1 to 16 of 16
  1. #1
    Join Date
    Sep 2008
    Location
    Sweden
    Posts
    1,283

    CHKROOTKIT or RKHunter ??

    hello which of the is better?
    CHKROOTKIT or RKHunter ??

    i want to install and run it via ssh.

    tnx

  2. #2
    Join Date
    Jun 2009
    Location
    Kochi,India
    Posts
    177
    My vote is for CHKROOTKIT
    Ezeelogin -
    The ultimate multiple server administration software.
    *Parallel shell *rm -rf protection *SSH logging*automated password changes*encrypted storage*
    AdMod.com -Delivering innovative web hosting solutions

  3. #3
    I thinks CHKROOTKIT is good for scanning.
    Support Facility | 24/7 web hosting technical support services
    Technical support | Server management | Data migration

    Technical Articles

  4. #4
    Join Date
    May 2009
    Location
    On a Speck!!!!!
    Posts
    216
    I prefer CHKROOTKIT but you can download and install both as they are very simple to install and use.

    There is no harm in doing a detailed security audit, right?

  5. #5
    Join Date
    Mar 2009
    Posts
    245
    Quote Originally Posted by Thomas Manning View Post
    I prefer CHKROOTKIT but you can download and install both as they are very simple to install and use.

    There is no harm in doing a detailed security audit, right?
    Yeah it's not service which works 24/7 so you can use them both.

  6. #6
    use both, also use unhide from security-projects.com I recommend this because if a new rootkit is out there or an existing one is modified/re-packaged in some cases it can skip the detection by both chkrootkit and rkhunter, also from time to time run a nmap against your server !!always run it from an external server, never use it like nmap -O 127.0.0.1, also if you have firewall rules against port mapping/scanning disable it for the host from which you'll run the nmap so it wont interfere with the nmap result!!

  7. #7
    Join Date
    Jan 2002
    Location
    Home, chair
    Posts
    723
    Quote Originally Posted by kefee View Post
    use both, also use unhide from security-projects.com I recommend this because if a new rootkit is out there or an existing one is modified/re-packaged in some cases it can skip the detection by both chkrootkit and rkhunter, also from time to time run a nmap against your server !!always run it from an external server, never use it like nmap -O 127.0.0.1, also if you have firewall rules against port mapping/scanning disable it for the host from which you'll run the nmap so it wont interfere with the nmap result!!
    I'll add to this, manually check world-writeable directories, like /tmp, /dev/shm, and those on your accounts, for exploits.

  8. #8
    Join Date
    Sep 2008
    Location
    Sweden
    Posts
    1,283
    why CHKROOTKIT ?

  9. #9
    Join Date
    Sep 2009
    Posts
    361
    Do both...

  10. #10
    Join Date
    Aug 2003
    Posts
    47
    how to install them ?
    thnx

  11. #11
    Quote Originally Posted by arabgenius View Post
    how to install them ?
    thnx
    To install rkunter http://www.dedicated-resources.com/g...-RKHunter.html and to install chkrootkit http://www.it.iastate.edu/pub/lat310/lat310.html

  12. #12
    Join Date
    Aug 2003
    Posts
    47
    thanks hostechsupport

  13. #13
    Quote Originally Posted by arabgenius View Post
    thanks hostechsupport
    You are most welcome.

  14. #14
    Join Date
    Aug 2003
    Posts
    47
    Oh ..
    I install it and I got this
    #!/usr/bin/php
    #!/usr/bin/php
    Searching for anomalies in shell history files... Warning: `//root/.mysql_history' file size is zero
    Checking `asp'... not infected
    Checking `bindshell'... INFECTED (PORTS: 465)
    Checking `lkm'... find: /proc/29144: No such file or directory
    chkproc: nothing detected
    chkdirs: nothing detected



    what should I do ?

  15. #15
    Join Date
    May 2008
    Location
    Germany
    Posts
    676
    I'd recommend to use both of them, and also ClamAV to search for PHP shells and the like.

  16. #16
    Quote Originally Posted by mixmox View Post
    hello which of the is better?
    CHKROOTKIT or RKHunter ??

    i want to install and run it via ssh.

    tnx
    I would say you should use both. Here are the steps to get them installed.


    Rkhunter Installation

    Rkhunter is a tool used to check trojans, rootkits, and other security problems.
    Here are the installation steps:-

    Code:
    [email protected] [~]#wget http://downloads.rootkit.nl/rkhunter-1.2.7.tar.gz
        [email protected] [~]#tar -zxvf rkhunter-1.2.7.tar.gz
        [email protected] [~]#cd rkhunter-1.2.7
        [email protected] [~]#./installer.sh
    You can scan the server by using the following command:-

    Code:
    [email protected] [~]#/usr/local/bin/rkhunter -c
    You can update the rkhunter database by issuing the following command:-

    Code:
    [email protected] [~]#rkhunter –update
    Chrootkit Installation

    Chrootkit is a tool used for scanning the trojans in the server.

    Here are the installation steps:-

    1) Download the source package

    Code:
    [email protected] [~]#wget ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz
    2)Check the MD5 SUM of the download for security.

    Code:
    [email protected] [~]#ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.md5
        [email protected] [~]#md5sum chkrootkit.tar.gz
    3) Extract the source file and install it.

    Code:
    [email protected] [~]#tar xvzf chkrootkit.tar.gz
        [email protected] [~]#cd chkrootkit*
        [email protected] [~]#make sense
    4) Scan the server.

    Code:
    [email protected] [~]#./chkrootkit

Similar Threads

  1. Replies: 8
    Last Post: 08-13-2008, 08:52 AM
  2. Help with rkhunter & chkrootkit?
    By kamnet in forum Hosting Security and Technology
    Replies: 3
    Last Post: 06-30-2008, 11:40 AM
  3. rkhunter log - need help
    By Cyber-A in forum Hosting Security and Technology
    Replies: 6
    Last Post: 05-08-2008, 03:19 AM
  4. Rkhunter vs. Chkrootkit - Best way to run?
    By jthornton in forum Hosting Security and Technology
    Replies: 1
    Last Post: 12-31-2007, 01:49 AM
  5. Rkhunter log, need help
    By bonjurkes in forum Hosting Security and Technology
    Replies: 5
    Last Post: 09-28-2007, 04:33 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •