LinuxQuestions.org
Old 03-08-2011, 02:56 PM   #1
Thor_2.0
Senior Member
 
Registered: Nov 2007
Location: Somewhere on my hard drive...
Distribution: Manjaro
Posts: 2,227
Blog Entries: 23

Some tips on chrootkit, please


Hi,

First off: wellness to all. It's been a while since I was here last, so it is a "coming home"...

Okay. The "it" is out there, and to keep it out THERE, some tools are needed. One of these is chrootkit.
Anyone with some experience here? Is it any good? I use Arch Linux behind a private router. There is a firewall and yes, I have f-prot installed and let it loose on the drive from time to time.
But then there are the rootkits. Is Chrootkit any good in the fight against rootkits?

Thank you for some light in the dark.

Thor
 
Old 03-08-2011, 04:50 PM   #2
impert
Member
 
Registered: Feb 2009
Posts: 282

It's actually chkrootkit with a 'k'. Your question prompted me to run it - haven't done so for a while. As usual, it found nothing, which is great.
Sounds as though you've got good security, but I can't see what harm it can do to run it from time to time; but as I say, it's never found anything on my box.
 
Old 03-08-2011, 10:32 PM   #3
Thor_2.0
Original Poster
Hey there impert!

Thanks for the reassuring reply...I may (indeed) have misspelled something, but I suspect you know what this is about.
My question stems from the changelog...

Snippet (look at the date of the last entry)
Quote:
Minor bug fixes.
09/30/2009 - Version 0.49 new tests: Mac OS X OSX.RSPlug.A. Enhanced tests: suspicious sniffer logs, suspicious PHP files, shell history file anomalies. Bug fixes in chkdirs.c, chkproc.c and chkutmp.c.
That seems as if development froze in time somewhere...or am I mistaken... :/

By the way, it's not in the Arch repo...dunnow about the others...

Thor
 
Old 03-09-2011, 05:57 PM   #4
impert
I can't comment on the snippet you posted. Maybe there's not been a lot of activity on the part of the black hats, either.
There's also rkhunter if you're interested. Don't know if it's on the Arch repo.
 
Old 03-09-2011, 10:25 PM   #5
Thor_2.0
Original Poster
Hi impert,
None of these are in the repo, though I do recall chrootkit being in there...the fact it's not (anymore) makes me uneasy as to the future of chrootkit.
Maybe I'll have to look outside the repo, for this once...

Thanks!

Thor
 
Old 03-11-2011, 02:33 AM   #6
Thor_2.0
Senior Member
 
Registered: Nov 2007
Location: Somewhere on my hard drive...
Distribution: Manjaro
Posts: 2,227
Blog Entries: 23

Original Poster
Tap me on the head (gently, my second most precious piece of anatomy is in there) but I found...

chKrootkit

...I misspelled the name, found it in the repo, installed it and let it loose on my system, result: clean bill of health.

Thanks to all

Thor
 
Old 03-12-2011, 06:05 AM   #7
repo
LQ 5k Club
 
Registered: May 2001
Location: Belgium
Distribution: Linux Mint
Posts: 8,516

You could try rkhunter, the latest version is from 2010/11/17
The updates of the datafiles are still regular.
http://rkhunter.sourceforge.net/

Kind regards
 
Old 03-12-2011, 06:27 AM   #8
Thor_2.0
Original Poster
Tnx repo, it could not hurt (it seems) to have two of these on the system. I'll sniff it out!



Thor
 
  



Tags
choortkit, rootkit, security


All times are GMT -5.
