Edward Palonek's Security Related Wiki For Networks Administrators

Edward Palonek's Step 1: How to scan a unix server for a root kit. 

While there are many ways of doing this task manually, there are also many programs that will speed the process up. I do not recommend relying on just one program but on a combination of several. That combination will let you eliminate over 90% of the rootkits out there. Not every rootkit ever made makes its way into the anti-rootkit databases, but the majority of public ones do. For the remaining rootkits there are strategies you can apply to scan for them and stay alert. Being vigilant is the key to good security practice.

Some of these programs rely on others to run, so first download LSOF from http://freshmeat.net/projects/lsof/

1) Download Rootkit Hunter from http://www.rootkit.nl/projects/rootkit_hunter.html

2) Download Snort from Snort

3) If you do not have netcat installed, it's about time to get it done: http://www.vulnwatch.org/netcat/

4) Install chkrootkit from chkrootkit

5) Get SARA, a very good tool, from http://www-arc.com/sara/

Simple: install each program and scan each computer. If you suspect that you might already be compromised, try the BackTrack live CD. You boot from the CD and then scan your hard drives using the tools above and some more. You can get BackTrack from http://www.remote-exploit.org/backtrack.html

Optionally, you can also install Bastille, which locks down security on your machine.

I know these might seem like a lot of steps, but in reality they are not. Most security consultants will tell you that you need 10+ programs just to keep up. This is not the case. In reality the process is simpler today, and the programs mentioned will get 90% of all rootkits. Performing an automated scan every day using lsof/netcat will detect the other 9.99% of rootkits.
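The daily lsof scan mentioned above, as an added example that is not code from the original page: it records the host's listening sockets as a baseline and reports any socket that appears later, which is how an unexpected listener left behind by a rootkit shows up. The baseline path and the sample lsof output are constructed assumptions.

```shell
#!/bin/sh
# Added example, not from the original page: a daily listener check built on
# lsof. Any socket listening today that was not in the baseline is reported.
# Assumed baseline path; override with the BASELINE environment variable.
BASELINE="${BASELINE:-/var/lib/rootkit-check/listeners.baseline}"

# Reduce raw `lsof -i -P -n` output (on stdin) to sorted, unique
# "COMMAND PROTO ADDRESS" lines for sockets in LISTEN state.
# lsof columns: COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME (STATE)
listeners_from_lsof() {
    awk '$NF == "(LISTEN)" { print $1, $8, $9 }' | sort -u
}

# Read lsof output on stdin and print listeners absent from baseline file $1.
# An empty or missing baseline means every listener is reported as new.
new_listeners() {
    if [ -s "$1" ]; then
        listeners_from_lsof | awk 'NR == FNR { seen[$0] = 1; next } !($0 in seen)' "$1" -
    else
        listeners_from_lsof
    fi
}

# Cron entry point: write the baseline on first run, otherwise diff against it.
# Returns 1 when new listeners are found, so cron mails the report.
daily_check() {
    if [ ! -s "$BASELINE" ]; then
        mkdir -p "$(dirname "$BASELINE")"
        lsof -i -P -n | listeners_from_lsof > "$BASELINE"
        echo "baseline written to $BASELINE"
        return 0
    fi
    report=$(lsof -i -P -n | new_listeners "$BASELINE")
    if [ -n "$report" ]; then
        echo "NEW LISTENERS since baseline:"
        echo "$report"
        return 1
    fi
    echo "no new listeners"
}

# Constructed sample lsof output for a dry run; the last line is the kind of
# unexpected high-port listener a daily run should flag.
SAMPLE_LSOF='COMMAND  PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
sshd     812 root    3u  IPv4  12345      0t0  TCP *:22 (LISTEN)
ntpd     900 ntp    16u  IPv4  12400      0t0  UDP *:123
unknown 4242 root    3u  IPv4  99999      0t0  TCP *:31337 (LISTEN)'

if [ "${1:-}" = "--cron" ]; then
    daily_check
fi
```

Run it once by hand with `--cron` to create the baseline, then schedule the same command from cron; review the baseline so that a listener you did not expect is not silently accepted on day one.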

This is by far the best and most comprehensive, yet very simple and effective, method of staying hacker-free.

So that was step one. If you have any problems with this, please send me an email and I'll be happy to answer your questions.
