One of the plagues of a server getting hacked is not realizing there has been an intrusion. Savvy intruders leave behind hidden tools that capture authentication data, damage critical system files and monitor or relay traffic through the compromised server, often without ever being detected.
These threats often come in the form of rootkits.
While checking after the fact is probably not the best method, it is one way of keeping tabs on the integrity of your servers. The best practice is to have preventive tools in place: well-configured firewalls, strong root passwords and applications that prevent, or alarm on, changes to binaries and configuration files (such as Tripwire).
That said, when an administrator is concerned that something may be amiss on a system, a tool called chkrootkit, authored by Nelson Murilo and Klaus Steding-Jessen, can detect up to 56 different rootkits on numerous platform variants including FreeBSD, Linux, Solaris, HP-UX and others.
It is amazingly easy to install: simply untar it in a directory of your choice on your server, su to root and type 'make sense' within the chkrootkit directory. You can then execute './chkrootkit' as root and receive an on-screen report of the results. My preference is to let this run from time to time from cron and write the results to a file I can review when checking logs and performing general admin on my servers.
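The cron-driven routine described above, as an added example that is not part of the original post or of chkrootkit itself: it runs the scanner from an assumed install directory, keeps dated reports in an assumed log directory, diffs each report against the previous one, and prints only the lines a reviewer needs to look at. The sample report it ships with is constructed for offline testing, not real scanner output.

```shell
#!/bin/sh
# Added example: run chkrootkit from cron, keep dated reports, and surface only
# the lines that need a human look. Both paths are assumptions, not from the post.
CHKROOTKIT_DIR="${CHKROOTKIT_DIR:-/usr/local/chkrootkit}"   # where "make sense" was run
LOG_DIR="${LOG_DIR:-/var/log/chkrootkit}"                    # where reports are kept

# chkrootkit marks positive matches "INFECTED" and suspicious conditions "Warning";
# "not infected", "not found" and "nothing found" are clean results.
# Warnings include known false positives (e.g. hidden processes belonging to
# legitimate daemons), so flagged lines are for review, not automatic action.
flag_findings() {
    grep -E 'INFECTED|Warning' "$1"
}

# Succeed (exit 0) when a report contains nothing flagged, fail otherwise.
report_is_clean() {
    [ -z "$(flag_findings "$1")" ]
}

# Constructed sample report (not real scanner output) to exercise the filter offline.
write_sample_report() {
    cat > "$1" <<'EOF'
ROOTDIR is `/'
Checking `ls'... not infected
Checking `ps'... INFECTED
Checking `lkm'... Warning: Possible LKM Trojan installed
Checking `aliens'... nothing found
EOF
}

# Cron entry point: write a dated report, diff it against the previous run, and
# print findings (cron mails anything printed). Assumed crontab line:
#   0 3 * * * CHKROOTKIT_RUN=1 /usr/local/sbin/chkrootkit-cron.sh
run_scan() {
    mkdir -p "$LOG_DIR"
    report="$LOG_DIR/chkrootkit-$(date +%Y%m%d-%H%M%S).log"
    (cd "$CHKROOTKIT_DIR" && ./chkrootkit) > "$report" 2>&1
    if [ -f "$LOG_DIR/latest.log" ]; then
        # Anything new since the last run is what changed on the box in between.
        diff "$LOG_DIR/latest.log" "$report" > "$LOG_DIR/changes.diff" || true
    fi
    cp "$report" "$LOG_DIR/latest.log"
    if ! report_is_clean "$report"; then
        echo "chkrootkit flagged the following in $report:"
        flag_findings "$report"
    fi
}

if [ "${CHKROOTKIT_RUN:-0}" = "1" ]; then run_scan; fi
```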
Chkrootkit Tutorial is available to install and configure chkrootkit.
September 14th, 2004 at 9:06 am