Linux security – rootkit scanner

Another useful tool for scanning files on Linux-based file-sharing or website systems is chkrootkit. This is a simple rootkit scanner.
Once the package is installed, simply run:

# chkrootkit
 ROOTDIR is `/'
 Checking `amd'... not found
 Checking `basename'... not infected
 Checking `biff'... not found
 Checking `chfn'... not infected
 Checking `chsh'... not infected
 Checking `cron'... not infected
 .
 .
 .
 .
 .
 Searching for 64-bit Linux Rootkit ... nothing found
 Searching for 64-bit Linux Rootkit modules... nothing found
 Searching for suspect PHP files... nothing found
 Searching for anomalies in shell history files... nothing found
 Checking `asp'... not infected
 Checking `bindshell'... not infected
 Checking `lkm'... chkproc: nothing detected
 Checking `rexedcs'... not found
 Checking `w55808'... not infected
 Checking `wted'... chkwtmp: nothing deleted
 Checking `scalper'... not infected
 Checking `slapper'... not infected
 Checking `z2'... chklastlog: nothing deleted
 Checking `chkutmp'... The tty of the following user process(es) were not found
 in /var/run/utmp !
 ! RUID PID TTY CMD
 ! root 13979 pts/0 -bash
 ! root 13990 pts/2 -bash
 ! root 15095 pts/2 /bin/sh /usr/sbin/chkrootkit
 ! root 15745 pts/2 ./chkutmp
 ! root 15747 pts/2 ps axk tty,ruser,args -o tty,pid,ruser,args
 ! root 15746 pts/2 sh -c ps axk "tty,ruser,args" -o "tty,pid,ruser,args"
 chkutmp: nothing deleted
 Checking `OSX_RSPLUG'... not infected
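
As an added example (not part of the original post and not chkrootkit's own code), the shell function below reduces a report like the one above to the lines that need a look. It treats only the statuses shown above as benign; the `exampled` check and its INFECTED line are constructed sample input.

```shell
#!/bin/sh
# Added example (not from the original post): triage chkrootkit output.
# Reads the report on stdin and prints "SEVERITY [check] detail" for every
# line that is not one of the benign statuses seen in the output above.
# Exit status: 0 = clean, 1 = lines to review, 2 = at least one INFECTED.
chkrootkit_triage() {
    awk '
    BEGIN { benign = "^([a-z]+: )?(not infected|not found|nothing found|nothing detected|nothing deleted)[ \t]*$" }
    /^[ \t.]*$/          { next }   # blank and "." filler lines
    /^[ \t]*ROOTDIR is / { next }   # banner
    {
        line = $0; sub(/^[ \t]+/, "", line)
        if (line ~ /^(Checking|Searching for) / && (i = index(line, "...")) > 0) {
            # New check: remember its name, keep only the status after "..."
            check = substr(line, 1, i - 1)
            sub(/^(Checking|Searching for) /, "", check)
            gsub(/[^A-Za-z0-9_ -]/, "", check)   # drop the quote marks around the name
            sub(/ +$/, "", check)
            line = substr(line, i + 3); sub(/^[ \t]+/, "", line)
        }
        if (line ~ benign) next     # whole status must be benign, not just its last words
        sev = (line ~ /INFECTED/) ? "INFECTED" : "REVIEW"
        if (sev == "INFECTED") bad = 1; else rev = 1
        printf "%s [%s] %s\n", sev, check, line
    }
    END { exit (bad ? 2 : (rev ? 1 : 0)) }
    '
}

# Constructed sample: lines in the format shown above plus one made-up INFECTED line.
sample_report() {
    cat <<'EOF'
 ROOTDIR is `/'
 Checking `amd'... not found
 Checking `basename'... not infected
 Checking `exampled'... INFECTED
 Checking `lkm'... chkproc: nothing detected
 Checking `chkutmp'... The tty of the following user process(es) were not found
 in /var/run/utmp !
 ! RUID PID TTY CMD
 ! root 13979 pts/0 -bash
 chkutmp: nothing deleted
EOF
}

sample_report | chkrootkit_triage || echo "exit status: $?"
```

The chkutmp message ends in "not found" but is not a benign status, which is why the filter matches the whole status rather than its tail. In a scheduled job, `chkrootkit | chkrootkit_triage` returns a non-zero status whenever a line needs attention.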
