Help! I think I have a virus on my Debian Server..
Still fairly new to Linux, have been running a Debian server for about 3 or 4 months to host some personal websites for myself and a family member or two.
I recently reformatted my main PC (WinXP Pro) and obtained a virus shortly thereafter (few days ago) when I downloaded a questionable item (won't go into details). This virus wreaked havoc on my main PC... actually, it's been a nightmare. I never even thought it would infect my Debian machine, and maybe it hasn't. Here are the details:
Upon checking free I see that I have 2% RAM left. Also I can't apt-get update, and I tried to install clamav, but I can't get that either..
SSH works...apache works..mysql works.. I can connect to the site through any of these services but the resources are blown out.
I don't have any active backups on this system (ARGHHhhhh) which is my fault. But what are my options? Any thoughts on what is wrong with the system? Is it in fact a virus or is it something else?
spirowebserver:/# $ grep -i "failed password" /var/log/messages
bash: $: command not found
spirowebserver:/# grep -i "failed password" /var/log/messages
spirowebserver:/#
Update: I have been able to install clamav but it won't scan. I also have been able to get apt-get update to work also (not sure how, but it works now)...
It's probably a good idea to download and run rootkit hunter on the system to identify any other hidden surprises on the system (rootkits, bindshells, etc).
Quote:
Originally posted by Capt_Caveman
It's probably a good idea to download and run rootkit hunter on the system to identify any other hidden surprises on the system (rootkits, bindshells, etc).
Great suggestion. I was unfamiliar with that program until now..
Quote:
MD5
MD5 compared: 67
Incorrect MD5 checksums: 0
File scan
Scanned files: 342
Possible infected files: 0
Application scan
Vulnerable applications: 3
Scanning took 143 seconds
Even showed me some services I need to tighten up...
Quote:
Originally posted by sspiro
Great suggestion. I was unfamiliar with that program until now..
No problem. I'd also suggest looking into a file integrity scanner like tripwire, aide or samhain. They're really meant to be put on a system immediately after installation, so in this case they wouldn't be much help. But when used properly, they allow you to immediately detect modification of any critical system files and configs. In a situation like investigating a potential compromise or viral infection they can save you a lot of time and grief.
Cheers.
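The baseline-and-compare principle described in the post above, as an added Python example (not part of the thread, and not the code of tripwire, aide or samhain). The function names and the sample tree are constructed for illustration; a real baseline has to be stored off the host or on read-only media so that an intruder cannot rewrite it along with the files.

```python
import hashlib
import pathlib
import stat
import tempfile


def snapshot(root):
    """Map each regular file under root to (sha256, permission bits, uid, gid)."""
    records = {}
    for path in pathlib.Path(root).rglob("*"):
        st = path.lstat()
        if not stat.S_ISREG(st.st_mode):
            continue  # skip directories, symlinks, sockets, FIFOs, device nodes
        digest = hashlib.sha256(path.read_bytes()).hexdigest()
        records[path.relative_to(root).as_posix()] = (
            digest, stat.S_IMODE(st.st_mode), st.st_uid, st.st_gid)
    return records


def compare(base, cur):
    """Classify paths as added, removed, modified (content) or metadata-only."""
    both = set(base) & set(cur)
    return {
        "added": sorted(set(cur) - set(base)),
        "removed": sorted(set(base) - set(cur)),
        "modified": sorted(p for p in both if base[p][0] != cur[p][0]),
        "metadata": sorted(p for p in both if base[p][0] == cur[p][0] and base[p][1:] != cur[p][1:]),
    }


def demo():
    """Constructed sample tree standing in for /etc and /bin on a real host."""
    with tempfile.TemporaryDirectory() as root:
        def put(rel, text, mode=0o644):
            path = pathlib.Path(root, rel)
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_text(text)
            path.chmod(mode)
        put("etc/motd", "hello\n")
        put("etc/ssh/sshd_config", "PermitRootLogin no\n")
        put("bin/ls", "original binary\n", 0o755)
        baseline = snapshot(root)  # taken right after "installation"
        put("etc/ssh/sshd_config", "PermitRootLogin yes\n")  # content change
        put("bin/ls", "original binary\n", 0o777)  # same bytes, new mode
        put("etc/rc.local", "#!/bin/sh\n", 0o755)  # new file
        pathlib.Path(root, "etc/motd").unlink()  # deleted file
        return compare(baseline, snapshot(root))
```

Calling `demo()` returns one path in each category, which shows why a baseline taken only after a suspected compromise cannot say what changed before it.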
Could you maybe do a top to see what's eating all your RAM? When you're in top use M to see the memory usage. This could shed some light on what's causing the problem. If you see any processes you don't trust you can investigate the problem or give them a kill -9.