Difference between revisions of "Rootkit cleaner"
Line 1: | Line 1: | ||
+ | [[Category:Linux]] | ||
+ | |||
RootKits enable a remote person to take control over your server. That's really bad !! You have to protect yourself against these attacks. | RootKits enable a remote person to take control over your server. That's really bad !! You have to protect yourself against these attacks. | ||
Latest revision as of 17:03, 10 June 2014
Rootkits enable a remote person to take control of your server. That's really bad! You have to protect yourself against these attacks.
Required programs
apt-get install rkhunter unhide
Update RootKit definitions
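The first command records the current file properties as the baseline that rkhunter compares against, so run it only on a system you trust to be clean; the second refreshes rkhunter's data files.
rkhunter --propupd
rkhunter --update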
Search for RootKits
You can scan your computer for rootkits with rkhunter:
rkhunter -c
RootKit hunter [rkhunter] configuration
You can configure rkhunter by editing its configuration file:
vim /etc/rkhunter.conf
To suppress the warning “Warning : the modules files ‘/proc/modules’ is missing”, add the test to the list of skipped tests, line 246:
DISABLE_TESTS="suspscan hidden_procs deleted_files packet_cap_apps apps os_specific"
Depending on your configuration, you need to adjust some specific directories, line 438:
ALLOWHIDDENDIR=/dev/.udev
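
Both settings above reduce what a scan looks at, so it helps to review them after each edit. The script below is an added example, not part of the original page or of rkhunter: it lists the disabled tests and whitelisted hidden directories in a configuration file and points out whitelist entries that do not exist on the host. The function names and the sample configuration are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original page: list what an rkhunter.conf-style
# file tells rkhunter to skip (DISABLE_TESTS) or ignore (ALLOWHIDDENDIR).

# conf_values FILE OPTION: print every value of OPTION, one per line.
# Commented-out lines are ignored, quotes are stripped, space-separated lists
# are split. Assumption: all uncommented lines for an option are collected.
conf_values() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        tr -d "\"'" | tr -s ' \t' '\n\n' | sed '/^$/d'
}

# stale_hidden_dirs FILE: whitelisted hidden directories that do not exist on
# this host. Such entries cover nothing legitimate and can be removed.
stale_hidden_dirs() {
    conf_values "$1" ALLOWHIDDENDIR | while IFS= read -r dir; do
        [ -d "$dir" ] || printf '%s\n' "$dir"
    done
}

# report FILE: human-readable summary of the reduced coverage.
report() {
    echo "Disabled tests:"
    conf_values "$1" DISABLE_TESTS | sed 's/^/  /'
    echo "Whitelisted hidden directories:"
    conf_values "$1" ALLOWHIDDENDIR | sed 's/^/  /'
    echo "Whitelisted but not present on this host:"
    stale_hidden_dirs "$1" | sed 's/^/  /'
}

# demo: run the report on a constructed sample configuration.
demo() {
    conf=$(mktemp)
    cat > "$conf" <<'EOF'
#ALLOWHIDDENDIR=/dev/.static
DISABLE_TESTS="suspscan hidden_procs deleted_files packet_cap_apps apps os_specific"
ALLOWHIDDENDIR=/dev/.udev
EOF
    report "$conf"
    rm -f "$conf"
}

# With a path argument, report on that file; otherwise run the demo.
if [ $# -gt 0 ]; then report "$1"; else demo; fi
```

Run it as `sh script.sh /etc/rkhunter.conf` to review the live configuration.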