Tuesday, November 02, 2004
Find system holes with chkrootkit
November 1, 2004 powered by
Find system holes with chkrootkit
While the majority of viruses on the Internet usually target the Win32 platform, Linux is not free of security holes--despite some claims to the contrary. Staying on top of security updates from your vendor is the number one way to protect your system from security holes that pop up in various applications you've installed on your system.
However, simply staying up to date on vulnerabilities may not be sufficient if you don't update frequently or quickly. For instance, if a vulnerability exists in Apache and someone manages to break into your system and leave a backdoor, it doesn't matter if you update Apache the next day--you've already incurred the damage.
A useful utility to help detect sniffers, Trojans, worms, and other backdoor programs is chkrootkit. It examines system logs and files to see if a malicious program has infected them and looks for known signatures associated with different malicious programs.
Using chkrootkit is extremely simple. To compile the program, untar the tar.gz file, and execute the following:
# make sense
After completing this process, you will have one program: chkrootkit. Install this program in a location such as /usr/local/sbin, and run it periodically to ensure no one has installed malware on your computer.
To obtain chkrootkit, visit the chkrootkit Web page.
Find system holes with chkrootkit
While the majority of viruses on the Internet usually target the Win32 platform, Linux is not free of security holes--despite some claims to the contrary. Staying on top of security updates from your vendor is the number one way to protect your system from security holes that pop up in various applications you've installed on your system.
However, simply staying up to date on vulnerabilities may not be sufficient if you don't update frequently or quickly. For instance, if a vulnerability exists in Apache and someone manages to break into your system and leave a backdoor, it doesn't matter if you update Apache the next day--you've already incurred the damage.
A useful utility to help detect sniffers, Trojans, worms, and other backdoor programs is chkrootkit. It examines system logs and files to see if a malicious program has infected them and looks for known signatures associated with different malicious programs.
Using chkrootkit is extremely simple. To compile the program, untar the tar.gz file, and execute the following:
# make sense
After completing this process, you will have one program: chkrootkit. Install this program in a location such as /usr/local/sbin, and run it periodically to ensure no one has installed malware on your computer.
To obtain chkrootkit, visit the chkrootkit Web page.
# posted by MiDBA @ 11/02/2004 09:22:00 AM 
