chkrootkit: shell script that checks system binaries for rootkit modification.


The following tests are made:
aliens asp bindshell lkm rexedcs sniffer wted w55808 scalper slapper z2 amd basename biff chfn chsh cron date du dirname echo egrep env find fingerd gpm grep hdparm su ifconfig inetd inetdconf init identd killall ldsopreload login ls lsof mail mingetty netstat named passwd pidof pop2 pop3 ps pstree rpcinfo rlogind rshd slogin sendmail sshd syslogd tar tcpd tcpdump top telnetd timed traceroute vdir w write

1. Log in to your server as root (over SSH).

2. Download chkrootkit.
Type: wget

3. Unpack the chkrootkit you just downloaded.
Type: tar xvzf chkrootkit.tar.gz

4. Change to the new directory.

Type: cd chkrootkit*

5. Compile chkrootkit
Type: make sense

6. Run chkrootkit
Type: ./chkrootkit

If it says "Checking `bindshell'... INFECTED (PORTS: 465)"

This is normal and it is NOT really a virus.
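
Port 465 is the usual SMTP-over-TLS port, so a mail server listening there will trip the bindshell test. The script below is an added example, not part of chkrootkit or of the original post: it pulls the flagged ports out of the chkrootkit line quoted above and shows which process is listening on each, so the result can be confirmed rather than assumed. The function names, the sample `ss` listing and the `exim` process name are constructed for illustration; it assumes `ss` from iproute2 is available on the host.

```shell
#!/bin/sh
# Constructed sample of the chkrootkit line quoted above.
SAMPLE_CHKROOTKIT="Checking \`bindshell'... INFECTED (PORTS:  465)"

# Constructed sample of `ss -H -ltnp` output (needs root to show process names).
SAMPLE_SS='LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=812,fd=3))
LISTEN 0 100 0.0.0.0:465 0.0.0.0:* users:(("exim",pid=1044,fd=5))
LISTEN 0 100 [::]:465 [::]:* users:(("exim",pid=1044,fd=6))'

# Print each port flagged by the bindshell test in chkrootkit output $1.
flagged_ports() {
    printf '%s\n' "$1" |
        sed -n 's/.*bindshell.*INFECTED (PORTS:\([0-9 ]*\)).*/\1/p' |
        tr -s ' ' '\n' | sed '/^$/d'
}

# Print the unique process names listening on TCP port $1 in ss output $2.
port_owners() {
    printf '%s\n' "$2" | awk -v p="$1" '
        { n = split($4, a, ":") }          # port is the last ":" field
        a[n] == p && match($0, /\(\("[^"]*"/) {
            print substr($0, RSTART + 3, RLENGTH - 4)
        }' | sort -u
}

# For every flagged port, report who is listening so it can be compared
# with the services this host is supposed to run.
triage() {
    for port in $(flagged_ports "$1"); do
        owners=$(port_owners "$port" "$2" | paste -sd, -)
        printf '%s: %s\n' "$port" "${owners:-no listener found}"
    done
}

# Demo on the constructed samples. On a real host, run as root:
#   triage "$(./chkrootkit 2>/dev/null)" "$(ss -H -ltnp)"
triage "$SAMPLE_CHKROOTKIT" "$SAMPLE_SS"
```

If the listener is not a service you installed, or no listener is found for a flagged port, treat the finding as real and investigate further.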


Posted by News Monkey