Difference between revisions of "Rootkit cleaner"
(Created page with "RootKits enable a remote person to take control over your server. That's really bad !! You have to protect yourself against these attacks. =Required programs= <syntaxhighli...") |
|||
(One intermediate revision by the same user not shown) | |||
Line 1: | Line 1: | ||
+ | [[Category:Linux]] | ||
+ | |||
RootKits enable a remote person to take control over your server. That's really bad !! You have to protect yourself against these attacks. | RootKits enable a remote person to take control over your server. That's really bad !! You have to protect yourself against these attacks. | ||
Line 10: | Line 12: | ||
− | = | + | =Update RootKit definitions= |
− | |||
− | |||
<syntaxhighlight lang="bash"> | <syntaxhighlight lang="bash"> | ||
− | rkhunter - | + | rkhunter --propupd |
+ | rkhunter --update | ||
</syntaxhighlight> | </syntaxhighlight> | ||
− | = | + | =Search for RootKits= |
+ | |||
+ | You can search for any rootkit in your computer with rkhunter : | ||
<syntaxhighlight lang="bash"> | <syntaxhighlight lang="bash"> | ||
− | rkhunter - | + | rkhunter -c |
− | |||
</syntaxhighlight> | </syntaxhighlight> | ||
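Review bot: the added rkhunter --propupd line under "Update RootKit definitions" is not a definitions update. It rebuilds rkhunter's file-properties baseline from whatever is on disk at that moment, so on a host that is already compromised the altered binaries are recorded as known-good and the later rkhunter -c no longer flags them. Suggest moving it under its own heading with a note to run it only on a known-clean system (after installation or after a verified package upgrade), and keeping rkhunter --update alone in this block.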
Latest revision as of 17:03, 10 June 2014
Rootkits enable a remote person to take control of your server. That's really bad! You have to protect yourself against these attacks.
=Required programs=

<syntaxhighlight lang="bash">
apt-get install rkhunter unhide
</syntaxhighlight>
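=Update RootKit definitions=

<syntaxhighlight lang="bash">
# Record the current file properties as rkhunter's baseline; run this only on a system you know is clean
rkhunter --propupd
# Check for updated rkhunter data files
rkhunter --update
</syntaxhighlight>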
=Search for RootKits=

You can scan your computer for rootkits with rkhunter:
<syntaxhighlight lang="bash">
rkhunter -c
</syntaxhighlight>
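=RootKit hunter [rkhunter] configuration=

You can configure rkhunter by editing its configuration file:
<syntaxhighlight lang="bash">
vim /etc/rkhunter.conf
</syntaxhighlight>

To suppress the “Warning : the modules files ‘/proc/modules’ is missing” message, you need to add a test to the skip list (line 246):
<syntaxhighlight lang="bash">
DISABLE_TESTS="suspscan hidden_procs deleted_files packet_cap_apps apps os_specific"
</syntaxhighlight>

Depending on your specific configuration, you need to adjust some specific folders (line 438):
<syntaxhighlight lang="bash">
ALLOWHIDDENDIR=/dev/.udev
</syntaxhighlight>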
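The line numbers given above differ between rkhunter versions and packages, so the following added example (not part of the original page) applies the same two settings by option name and can be run repeatedly without duplicating entries. The function names and the sample file are assumptions made for the example.

```shell
#!/usr/bin/env bash
# Added example: set the two rkhunter.conf options by name instead of by line number.
# Function names and the sample file are hypothetical; option names are upper case.

# add_disabled_test FILE NAME: append NAME to DISABLE_TESTS unless already listed.
add_disabled_test() {
    local conf=$1 name=$2 current
    current=$(sed -n 's/^DISABLE_TESTS=//p' "$conf" | tail -n 1 | tr -d '"')
    case " $current " in
        *" $name "*) return 0 ;;   # already disabled, leave the file untouched
    esac
    if grep -q '^DISABLE_TESTS=' "$conf"; then
        sed -i "s/^DISABLE_TESTS=.*/DISABLE_TESTS=\"${current:+$current }$name\"/" "$conf"
    else
        printf 'DISABLE_TESTS="%s"\n' "$name" >> "$conf"
    fi
}

# allow_hidden_dir FILE DIR: add an active ALLOWHIDDENDIR entry for DIR if missing.
allow_hidden_dir() {
    local conf=$1 dir=$2
    grep -qxF "ALLOWHIDDENDIR=$dir" "$conf" ||
        printf 'ALLOWHIDDENDIR=%s\n' "$dir" >> "$conf"
}

# demo: run both edits on a constructed sample file and print the active settings.
demo() {
    local conf
    conf=$(mktemp)
    # Constructed sample, not a real /etc/rkhunter.conf
    cat > "$conf" <<'EOF'
DISABLE_TESTS="suspscan hidden_procs deleted_files packet_cap_apps apps"
#ALLOWHIDDENDIR=/dev/.udev
EOF
    add_disabled_test "$conf" os_specific
    allow_hidden_dir "$conf" /dev/.udev
    grep -E '^(DISABLE_TESTS|ALLOWHIDDENDIR)=' "$conf"
    rm -f "$conf"
}

demo
```

On a real host, keep a backup copy of /etc/rkhunter.conf before pointing the functions at it.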