
Rootkit scanners

Unhide

Unhide is a forensic tool to find processes and TCP/UDP ports hidden by rootkits, Linux kernel modules or by other techniques. It includes two utilities: unhide and unhide-tcp.

Unhide detects hidden processes using three techniques:

– comparing the output of /proc and /bin/ps
– comparing the information gathered from /bin/ps with the one gathered from system calls (syscall scanning)
– full scan of the process ID space (PIDs bruteforcing)

unhide-tcp identifies TCP/UDP ports that are listening but are not listed in /bin/netstat through brute forcing of all TCP/UDP ports available.

http://packages.sw.be/unhide/

Or, for installation on Fedora:

    yum install unhide

Run without arguments it prints its usage; "unhide proc" starts the /proc scan:

    # unhide
    Unhide 20080519
    yjesus@security-projects.com
    usage: unhide proc | sys | brute

    # unhide proc
    Unhide 20080519
    yjesus@security-projects.com
    [*]Searching for Hidden processes through /proc scanning
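The three process checks and the port brute force described above, reimplemented in miniature as an added example; this is not unhide's own code (which is C). It assumes /proc is mounted, reads pid_max from /proc/sys/kernel/pid_max, and uses `ps` and `ss` where the page talks about /bin/ps and /bin/netstat. Thread IDs answer kill() as well, so they are collected from /proc/<pid>/task before anything is called hidden; the `self_check` scenario (a listener on a random port) is constructed.

```python
import errno
import os
import re
import socket
import subprocess


def proc_pids():
    """Technique 1, view A: every numeric directory in /proc."""
    return {int(d) for d in os.listdir("/proc") if d.isdigit()}


def ps_pids():
    """Technique 1, view B: what the ps binary reports (the view a userland rootkit tampers with)."""
    out = subprocess.run(["ps", "-eo", "pid="], capture_output=True, text=True, check=True).stdout
    return {int(tok) for tok in out.split()}


def pid_exists(pid):
    """Techniques 2 and 3: ask the kernel directly with kill(pid, 0).
    EPERM still means the PID exists; only ESRCH means it does not."""
    try:
        os.kill(pid, 0)
    except ProcessLookupError:
        return False
    except PermissionError:
        return True
    return True


def known_tids():
    """Thread IDs answer kill() too but are not top-level /proc entries,
    so they must be excluded before a PID is reported as hidden."""
    tids = set()
    for pid in proc_pids():
        try:
            tids.update(int(t) for t in os.listdir(f"/proc/{pid}/task"))
        except OSError:  # process exited between the two listdir calls
            pass
    return tids


def brute_pids(max_pid=None):
    """Technique 3: walk the whole PID space with kill(pid, 0)."""
    if max_pid is None:
        with open("/proc/sys/kernel/pid_max") as f:
            max_pid = int(f.read())
    return {pid for pid in range(1, max_pid + 1) if pid_exists(pid)}


def hidden(reference, visible):
    """IDs present in the trusted reference view but absent from the listing tool's view."""
    return sorted(reference - visible)


def port_in_use(port, kind=socket.SOCK_STREAM):
    """unhide-tcp style probe: try to bind the port ourselves. EADDRINUSE means
    something is already bound there, whatever the listing tools say.
    Ports below 1024 need root; EACCES is reported as 'not in use'."""
    with socket.socket(socket.AF_INET, kind) as s:
        try:
            s.bind(("", port))
        except OSError as e:
            return e.errno == errno.EADDRINUSE
    return False


def ss_ports(kind=socket.SOCK_STREAM):
    """Local ports of all sockets `ss` reports (assumption: ss stands in for netstat).
    All states are included so a connected socket's port is not a false positive."""
    flag = "-ant" if kind == socket.SOCK_STREAM else "-anu"
    out = subprocess.run(["ss", flag], capture_output=True, text=True, check=True).stdout
    ports = set()
    for line in out.splitlines():
        for field in line.split():  # first "addr:port" token on a line is the local side
            m = re.fullmatch(r".*:(\d+)", field)
            if m:
                ports.add(int(m.group(1)))
                break
    return ports


def self_check():
    """Constructed scenario: a real listener on a random port must be seen by the
    bind probe and disappear once closed; our own PID must appear in the kernel views."""
    with socket.socket() as srv:
        srv.bind(("", 0))
        srv.listen(1)
        port = srv.getsockname()[1]
        seen_open = port_in_use(port)
    seen_closed = port_in_use(port)
    me = os.getpid()
    return {"open": seen_open, "closed": seen_closed, "in_proc": me in proc_pids(),
            "in_tids": me in known_tids(), "exists": pid_exists(me)}


if __name__ == "__main__":
    proc, ps = proc_pids(), ps_pids()
    print("in /proc but not shown by ps:", hidden(proc, ps))
    print("answer kill() but absent from /proc:", hidden(brute_pids(), proc | known_tids()))
    probed = {p for p in range(1, 65536) if port_in_use(p)}
    print("TCP ports bound but not listed by ss:", sorted(probed - ss_ports()))
```

Sockets and processes come and go while the scan runs, so a single hit is a candidate to re-check, not a verdict; run it as root so the bind probe can cover the privileged port range.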

chkrootkit

http://www.chkrootkit.org

chkrootkit is a tool to locally check for signs of a rootkit. It contains:

* chkrootkit: shell script that checks system binaries for rootkit modification.
* ifpromisc: checks if the network interface is in promiscuous mode.
* chklastlog: checks for lastlog deletions.
* chkwtmp: checks for wtmp deletions.
* chkproc: checks for signs of LKM trojans.
* chkdirs: checks for signs of LKM trojans.
* strings: quick and dirty strings replacement.
* chkutmp: checks for utmp deletions.

    yum install chkrootkit

Rkhunter

Rootkit Hunter (RKH) is an easy-to-use tool which checks computers running UNIX (clones) for the presence of rootkits and other unwanted tools.

    yum install rkhunter
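An added example, not chkrootkit's or rkhunter's code, illustrating two of the checks named above: ifpromisc's promiscuous-mode test, done here by reading each interface's flags from sysfs (an assumption; the real ifpromisc queries the interface with an ioctl), and a file-properties baseline of the kind rkhunter keeps for system binaries, so that a replaced /bin/ps or /bin/netstat shows up as a size or hash change. The binary list, the baseline path and the `demo` scenario are constructed.

```python
import hashlib
import json
import os
import stat
import tempfile

IFF_PROMISC = 0x100  # IFF_PROMISC bit from <linux/if.h>

# Constructed list: binaries a rootkit typically replaces (assumed paths).
DEFAULT_BINARIES = ["/bin/ps", "/bin/netstat", "/bin/ls", "/bin/login", "/usr/bin/ss"]


def is_promisc(flags):
    """True when the IFF_PROMISC bit is set in an interface's flags word."""
    return bool(flags & IFF_PROMISC)


def promiscuous_interfaces(sysfs="/sys/class/net"):
    """Names of interfaces whose sysfs flags file carries IFF_PROMISC."""
    found = []
    for name in sorted(os.listdir(sysfs)):
        try:
            with open(f"{sysfs}/{name}/flags") as f:
                flags = int(f.read().strip(), 16)  # file holds e.g. "0x1003"
        except (OSError, ValueError):
            continue
        if is_promisc(flags):
            found.append(name)
    return found


def file_properties(path):
    """Size, permission bits and SHA-256 of one file: what the baseline records."""
    st = os.stat(path)
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return {"size": st.st_size, "mode": stat.S_IMODE(st.st_mode), "sha256": h.hexdigest()}


def build_baseline(paths):
    """Properties of every existing path; call once on a known-good system."""
    return {p: file_properties(p) for p in paths if os.path.exists(p)}


def compare_baseline(baseline, current):
    """Binaries that changed, vanished or appeared since the baseline was taken."""
    findings = []
    for path, props in baseline.items():
        if path not in current:
            findings.append((path, "missing"))
        elif current[path] != props:
            changed = [k for k in props if props[k] != current[path][k]]
            findings.append((path, "changed: " + ",".join(changed)))
    for path in current:
        if path not in baseline:
            findings.append((path, "new"))
    return findings


def save_baseline(baseline, path):
    with open(path, "w") as f:
        json.dump(baseline, f, indent=1)


def load_baseline(path):
    with open(path) as f:
        return json.load(f)


def demo():
    """Constructed scenario: baseline two fake binaries, then overwrite one of them."""
    with tempfile.TemporaryDirectory() as d:
        ps, ls = os.path.join(d, "ps"), os.path.join(d, "ls")
        for p in (ps, ls):
            with open(p, "wb") as f:
                f.write(b"#!/bin/sh\nexec /bin/true\n")
            os.chmod(p, 0o755)
        baseline = build_baseline([ps, ls])
        with open(ps, "wb") as f:  # same mode, different content and size
            f.write(b"#!/bin/sh\nexec /bin/true # replaced\n")
        findings = compare_baseline(baseline, build_baseline([ps, ls]))
        return [(os.path.basename(p), why) for p, why in findings]


if __name__ == "__main__":
    print("promiscuous interfaces:", promiscuous_interfaces())
    base = "/var/lib/binary-baseline.json"  # constructed path
    if os.path.exists(base):
        print("changes since baseline:", compare_baseline(load_baseline(base), build_baseline(DEFAULT_BINARIES)))
    else:
        save_baseline(build_baseline(DEFAULT_BINARIES), base)
        print("baseline written to", base)
```

Keep the baseline file off the audited host (or at least read-only media): a rootkit that can replace /bin/ps can also rewrite a baseline stored next to it, which is the same reason rkhunter's own property database must be refreshed only after a trusted package update.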

Lynis

Lynis is a security and system auditing tool. It scans a system on the most interesting parts useful for audits, like:

– Security enhancements
– Logging and auditing options
– Banner identification
– Software availability

Lynis is released as a GPL licensed project and free for everyone to use. See http://www.rootkit.nl for a full description and documentation.

    yum install lynis
    lynis -c

    [ Lynis 1.2.9 ]

    ################################################################################
      Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
      welcome to redistribute it under the terms of the GNU General Public License.
      See LICENSE file for details about using this software.

      Copyright 2007-2009 - Michael Boelen, http://www.rootkit.nl/
    ################################################################################

    [+] Initializing program
    ------------------------------------
      - Detecting OS...                                           [ DONE ]
      - Clearing log file (/var/log/lynis.log)...                 [ DONE ]

      ---------------------------------------------------
      Program version:           1.2.9
      Operating system:          Linux
      Operating system name:     Fedora
      Operating system version:  Fedora release 12 (Constantine)
      Kernel version:            2.6.32.11-99.fc12.x86_64
      Hardware platform:         x86_64
      Hostname:                  crust1
      Auditor:                   [Unknown]
      Profile:                   /etc/lynis/default.prf
      Log file:                  /var/log/lynis.log
      Report file:               /var/log/lynis-report.dat
      Report version:            1.0
      ---------------------------------------------------

    [ Press [ENTER] to continue, or [CTRL]+C to stop ]
