LinuxQuestions.org
Old 03-08-2011, 01:56 PM   #1
Thor_2.0
Senior Member
 
Registered: Nov 2007
Location: Somewhere on my hard drive...
Distribution: Manjaro
Posts: 2,168
Blog Entries: 23

Rep: Reputation: 275
Some tips on chrootkit, please


Hi,

First off: wellness to all. It's been a while since I was here last, so it is a "coming home"...

Okay. The "it" is out there, and to keep it out THERE, some tools are needed. One of these is chrootkit.
Anyone with some experience here? Is it any good? I use Arch Linux behind a private router. There is a firewall and yes, I have f-prot installed and let it loose on the drive from time to time.
But then there are the rootkits. Is Chrootkit any good in the fight against rootkits?

Thank you for some light in the dark.

Thor
 
Old 03-08-2011, 03:50 PM   #2
impert
Member
 
Registered: Feb 2009
Posts: 275

Rep: Reputation: 53
It's actually chkrootkit with a 'k'. Your question prompted me to run it - haven't done so for a while. As usual, it found nothing, which is great.
Sounds as though you've got good security, but I can't see what harm it can do to run it from time to time; but as I say, it's never found anything on my box.
 
Old 03-08-2011, 09:32 PM   #3
Thor_2.0
Senior Member
 
Registered: Nov 2007
Location: Somewhere on my hard drive...
Distribution: Manjaro
Posts: 2,168
Blog Entries: 23

Original Poster
Rep: Reputation: 275
Hey there impert!

Thanks for the reassuring reply...I may (indeed) have misspelled something, but I suspect you know what this is about.
My question stems from the changelog...

Snippet (look at the date of the last entry)
Quote:
Minor bug fixes.
09/30/2009 - Version 0.49 new tests: Mac OS X OSX.RSPlug.A. Enhanced
tests: suspicious sniffer logs, suspicious
PHP files, shell history file anomalies.
Bug fixes in chkdirs.c, chkproc.c and
chkutmp.c.
That seems as if development froze in time somewhere...or am I mistaken... :/

By the way, it's not in the Arch repo...dunnow about the others...

Thor
 
Old 03-09-2011, 04:57 PM   #4
impert
Member
 
Registered: Feb 2009
Posts: 275

Rep: Reputation: 53
I can't comment on the snippet you posted. Maybe there's not been a lot of activity on the part of the black hats, either.
There's also rkhunter if you're interested. Don't know if it's on the Arch repo.
 
Old 03-09-2011, 09:25 PM   #5
Thor_2.0
Senior Member
 
Registered: Nov 2007
Location: Somewhere on my hard drive...
Distribution: Manjaro
Posts: 2,168
Blog Entries: 23

Original Poster
Rep: Reputation: 275
Hi impert,
None of these are in the repo, though I do recall chrootkit being in there...the fact it's not (anymore) makes me uneasy as to the future of chrootkit.
Maybe I'll have to look outside the repo, for this once...

Thanks!

Thor
 
Old 03-11-2011, 01:33 AM   #6
Thor_2.0
Senior Member
 
Registered: Nov 2007
Location: Somewhere on my hard drive...
Distribution: Manjaro
Posts: 2,168
Blog Entries: 23

Original Poster
Rep: Reputation: 275
Tap me on the head (gently, my second most precious piece of anatomy is in there) but I found...

chKrootkit

...I misspelled the name, found it in the repo, installed it and let it loose on my system, result: clean bill of health.

Thanks to all

Thor
 
Old 03-12-2011, 05:05 AM   #7
repo
LQ 5k Club
 
Registered: May 2001
Location: Belgium
Distribution: Slackware 14.0
Posts: 8,464

Rep: Reputation: 877
You could try rkhunter, the latest version is from 2010/11/17
The updates of the datafiles are still regular.
http://rkhunter.sourceforge.net/

Kind regards
 
Old 03-12-2011, 05:27 AM   #8
Thor_2.0
Senior Member
 
Registered: Nov 2007
Location: Somewhere on my hard drive...
Distribution: Manjaro
Posts: 2,168
Blog Entries: 23

Original Poster
Rep: Reputation: 275
Tnx repo, it could not hurt (it seems) to have two of these on the system. I'll sniff it out!



Thor
 
  

