Tag Archives: Fedora

Rootkit scanners

Unhide

Unhide is a forensic tool to find processes and TCP/UDP ports hidden by rootkits, Linux kernel modules or by other techniques. It includes two utilities: unhide and unhide-tcp.

Unhide detects hidden processes using three techniques:

- comparing the output of /proc and /bin/ps
- comparing the information gathered from /bin/ps with that gathered from system calls (syscall scanning)
- full scan of the process ID space (PID brute-forcing)

unhide-tcp identifies TCP/UDP ports that are listening but are not listed in /bin/netstat, by brute-forcing all available TCP/UDP ports.

http://packages.sw.be/unhide/

Or, to install on Fedora:

yum install unhide

# unhide
Unhide 20080519
yjesus@security-projects.com

usage: unhide proc | sys | brute

# unhide proc
Unhide 20080519
yjesus@security-projects.com

[*]Searching for Hidden processes through /proc scanning
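The cross-view comparison described above, as an added example that is not part of the original post and is not unhide's own code: it compares the /proc listing with ps output, then brute-forces the PID space with kill(pid, 0), filtering out thread IDs and short-lived processes that would otherwise show up as false positives. All function names are illustrative; it assumes Linux with the procps ps.

```python
import os
import subprocess
from pathlib import Path

def pids_from_proc(proc_root="/proc"):
    """readdir view: numeric directory names under /proc."""
    return {int(n) for n in os.listdir(proc_root) if n.isdigit()}

def pids_from_ps(ps_output):
    """ps view: PIDs parsed from `ps -e -o pid=` output."""
    return {int(tok) for tok in ps_output.split() if tok.isdigit()}

def pid_alive(pid):
    """Syscall view: kill(pid, 0) sends no signal, it only tests existence."""
    try:
        os.kill(pid, 0)
    except ProcessLookupError:
        return False
    except PermissionError:
        pass  # exists, but owned by another user
    return True

def is_thread(pid, proc_root="/proc"):
    """Thread IDs answer kill() yet are never listed in /proc: Tgid != Pid."""
    try:
        with open(f"{proc_root}/{pid}/status") as fh:
            fields = dict(line.split(":", 1) for line in fh if ":" in line)
        return int(fields["Tgid"]) != pid
    except (OSError, KeyError, ValueError):
        return False  # unreadable status: keep the PID as a candidate

def hidden(reference, listed, confirm=lambda pid: True):
    """PIDs seen in `reference` but absent from `listed`, after a re-check."""
    return sorted(p for p in reference - listed if confirm(p))

def ps_snapshot():
    cmd = ["ps", "-e", "-o", "pid="]
    return pids_from_ps(subprocess.run(cmd, capture_output=True, text=True).stdout)

def scan(pid_max=None):
    pid_max = pid_max or int(Path("/proc/sys/kernel/pid_max").read_text())
    proc, ps = pids_from_proc(), ps_snapshot()
    brute = {p for p in range(1, pid_max) if pid_alive(p) and not is_thread(p)}
    proc, ps = proc | pids_from_proc(), ps | ps_snapshot()  # absorb late starters
    return {"proc_not_ps": hidden(proc, ps, pid_alive),
            "brute_not_ps": hidden(brute, ps, pid_alive)}

if __name__ == "__main__":
    print(scan())
```

A non-empty result is a lead to verify from trusted media, not proof of compromise: PID reuse during the scan can still produce a stray entry.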

Chkrootkit

http://www.chkrootkit.org

chkrootkit is a tool to locally check for signs of a rootkit. It contains:

* chkrootkit: shell script that checks system binaries for rootkit modification.
* ifpromisc: checks if the network interface is in promiscuous mode.
* chklastlog: checks for lastlog deletions.
* chkwtmp: checks for wtmp deletions.
* chkproc: checks for signs of LKM trojans.
* chkdirs: checks for signs of LKM trojans.
* strings: quick and dirty strings replacement.
* chkutmp: checks for utmp deletions.

yum install chkrootkit

Rkhunter

Rootkit Hunter (RKH) is an easy-to-use tool which checks computers running UNIX (clones) for the presence of rootkits and other unwanted tools.

yum install rkhunter

Lynis

Lynis is a security and system auditing tool. It scans the parts of a system most relevant to an audit, such as:

- Security enhancements
- Logging and auditing options
- Banner identification
- Software availability

Lynis is released as a GPL licensed project and free for everyone to use. See http://www.rootkit.nl for a full description and documentation.

yum install lynis

lynis -c

[ Lynis 1.2.9 ]

################################################################################
Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
welcome to redistribute it under the terms of the GNU General Public License.
See LICENSE file for details about using this software.

Copyright 2007-2009 - Michael Boelen, http://www.rootkit.nl/
################################################################################

[+] Initializing program
------------------------------------
- Detecting OS...                                           [ DONE ]
- Clearing log file (/var/log/lynis.log)...                 [ DONE ]

---------------------------------------------------
Program version:           1.2.9
Operating system:          Linux
Operating system name:     Fedora
Operating system version:  Fedora release 12 (Constantine)
Kernel version:            2.6.32.11-99.fc12.x86_64
Hardware platform:         x86_64
Hostname:                  crust1
Auditor:                   [Unknown]
Profile:                   /etc/lynis/default.prf
Log file:                  /var/log/lynis.log
Report file:               /var/log/lynis-report.dat
Report version:            1.0
---------------------------------------------------

[ Press [ENTER] to continue, or [CTRL]+C to stop ]

Nvidia dual screen hang

If you have problems with your nvidia card in a dual-screen setup (hangs or reboots) while playing videos, you can try the following steps to fix them.

Edit /etc/grub.conf and add nomodeset (to disable kernel mode setting):

kernel /vmlinuz-2.6.32.9-70.fc12.x86_64 ro root=/dev/mapper/vg_crust1-LogVol01  LANG=en_US.UTF-8 SYSFONT=latarcyrheb-sun16 KEYBOARDTYPE=pc KEYTABLE=it nomodeset rhgb quiet

and then add the following option to /etc/X11/xorg.conf:

Option "AccelMethod" "XAA"

Example:

Section "Device"
    Identifier     "Device1"
    Driver         "nvidia"
    VendorName     "NVIDIA Corporation"
    BoardName      "GeForce 8400 GS"
    Option         "AccelMethod" "XAA"
    BusID          "PCI:1:0:0"
    Screen          1
EndSection

Reboot and cross your fingers…

Tested on:

Fedora release 12 (Constantine), Kernel 2.6.32.9-70.fc12.x86_64
Graphics card: nVidia Corporation GeForce 8400 GS (rev a1)
xorg-x11-drv-nvidia-libs-190.53-4.fc12.x86_64
nvidia-xconfig-1.0-2.fc12.x86_64
kmod-nvidia-2.6.31.12-174.2.19.fc12.x86_64-190.53-1.fc12.4.x86_64
kmod-nvidia-2.6.32.9-70.fc12.x86_64-190.53-3.fc12.x86_64
xorg-x11-drv-nvidia-libs-190.53-4.fc12.i686
kmod-nvidia-2.6.31.12-174.2.22.fc12.x86_64-190.53-1.fc12.5.x86_64
kmod-nvidia-190.53-3.fc12.x86_64
xorg-x11-drv-nvidia-190.53-4.fc12.x86_64
nvidia-settings-1.0-3.4.fc12.x86_64