Either with ckrootkit or with rkhunter.
chkrootkit:
Either install the package that comes with your distribution (on Debian you would run
apt-get install chkrootkit
), or download the sources from www.chkrootkit.org and install manually:
wget --passive-ftp ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz
tar xvfz chkrootkit.tar.gz
cd chkrootkit-
make sense
Afterwards, you can move the chkrootkit directory somewhere else, e.g. /usr/local/chkrootkit:
cd ..
mv chkrootkit-
Now you can run chkrootkit manually:
cd /usr/local/chkrootkit
./chkrootkit
(if you installed a chkrootkit package coming with your distribution, your chkrootkit might be somewhere else).
You can even run chkrootkit by a cron job and get the results emailed to you:
Run
crontab -e
to create a cron job like this:
0 3 * * * (cd /usr/local/chkrootkit-
That would run chkrootkit every night a 3.00h.
rkhunter:
Download the latest rkhunter sources from www.rootkit.nl:
wget http://downloads.rootkit.nl/rkhunter-1.2.7.tar.gz
tar xvfz rkhunter-1.2.7.tar.gz
cd rkhunter/
./installer.sh
This will install rkhunter to the directory /usr/local/rkhunter. Now run
rkhunter --update
to download the latest chkrootkit/trojan/worm signatures (you should do this regularly).
Now you can scan your system for malware by running
rkhunter -c
No comments:
Post a Comment