RootKitProblem-OnFLEX(Open)
#contents
*Rootkit Problem on FLEX [#rootkitproblem]
A rootkit is malicious software designed to obtain root...
On Linux, there are several rootkit scanner tools that he...
* Protecting FLEX by rkhunter [#protect]
**Installation [#install]
Install rkhunter on Ubuntu:
$ sudo apt-get install rkhunter
**Perform Rootkit Scanning [#perform]
To perform rootkit scanning on FLEX, simply run the follo...
$ sudo rkhunter -c
Once rkhunter is initiated, it will go ahead and run a se...
- Compare SHA-1 hashes of system binaries against known g...
- Check for known rootkit files and directories, as well ...
- Perform malware detection, including checking for login...
- Perform trojan specific checks such as examining enable...
- Perform checks on network ports and interfaces.
- Perform system boot checks.
- Perform group and account checks.
- Perform system configuration file checks.
- Perform filesystem checks.
**Log files [#log]
Once scanning is completed, rkhunter stores the result in...
System checks summary
=====================
Rootkit checks...
Rootkits checked : 310
Possible rootkits: 2
Rootkit names : SHV4 Rootkit, SHV5 Rootkit
Applications checks...
All checks skipped
The system checks took: 1 minute and 54 seconds
All results have been written to the log file: /var/log/...
One or more warnings have been found while checking the ...
Please check the log file (/var/log/rkhunter.log)
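The summary above is only useful if someone actually reads it. The following is an added example, not part of the original page or of rkhunter itself: a POSIX shell script that parses the end-of-scan summary (the same text rkhunter writes to /var/log/rkhunter.log) and turns it into an exit status, so a cron job can alert on "Possible rootkits" being non-zero. The two summary texts and the function names (possible_rootkits, rootkit_names, scan_verdict) are constructed for the example; rkhunter indents these lines, so the patterns tolerate leading whitespace.

```shell
#!/bin/sh
# Added example, not part of the original page: turn the summary that rkhunter
# prints at the end of a scan (and writes to /var/log/rkhunter.log) into a
# machine-checkable verdict, so a cron job can alert instead of relying on
# someone reading the log. The summary texts below are constructed to match the
# format shown on the page.

# Constructed: the summary of a scan that flagged two possible rootkits.
SAMPLE_SUMMARY='System checks summary
=====================

Rootkit checks...
    Rootkits checked : 310
    Possible rootkits: 2
    Rootkit names    : SHV4 Rootkit, SHV5 Rootkit

Applications checks...
    All checks skipped

The system checks took: 1 minute and 54 seconds
'

# Constructed: the summary of a clean scan.
CLEAN_SUMMARY='System checks summary
=====================

Rootkit checks...
    Rootkits checked : 310
    Possible rootkits: 0

Applications checks...
    All checks skipped
'

# Print the "Possible rootkits" count from summary text $1
# (prints nothing if the line is missing).
possible_rootkits() {
    printf '%s\n' "$1" | awk -F: '
        /^[[:space:]]*Possible rootkits[[:space:]]*:/ {
            gsub(/[[:space:]]/, "", $2); print $2; exit
        }'
}

# Print the names listed on the "Rootkit names" line, one per line.
rootkit_names() {
    printf '%s\n' "$1" | awk -F: '
        /^[[:space:]]*Rootkit names[[:space:]]*:/ {
            sub(/^[[:space:]]+/, "", $2)
            n = split($2, names, /,[[:space:]]*/)
            for (i = 1; i <= n; i++) if (names[i] != "") print names[i]
            exit
        }'
}

# Verdict on summary text $1. Exit status: 0 clean, 1 possible rootkits found,
# 2 summary missing or unparsable (a truncated or altered log is itself a finding).
scan_verdict() {
    count=$(possible_rootkits "$1")
    case "$count" in
        '')       echo "UNKNOWN: no 'Possible rootkits' line found"; return 2 ;;
        *[!0-9]*) echo "UNKNOWN: unparsable count '$count'"; return 2 ;;
        0)        echo "CLEAN: no possible rootkits"; return 0 ;;
        *)        echo "ALERT: $count possible rootkit(s): $(rootkit_names "$1" | tr '\n' ';')"
                  return 1 ;;
    esac
}

# Demo on the constructed sample. Real use after a scan:
#   scan_verdict "$(cat /var/log/rkhunter.log)"
scan_verdict "$SAMPLE_SUMMARY" || :
```

The distinct exit status for a missing summary matters: a log that has no "Possible rootkits" line at all should page someone just as a positive hit does, since an interrupted or edited log looks the same as a clean one to a naive grep.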
**Database update [#update]
Rootkit Hunter relies on a set of database files to detec...
$ sudo rkhunter --update
[ Rootkit Hunter version 1.4.0 ]
Checking rkhunter data files...
Checking file mirrors.dat ...
Checking file programs_bad.dat ...
Checking file backdoorports.dat ...
Checking file suspscan.dat ...
Checking file i18n/cn ...
Checking file i18n/de ...
Checking file i18n/en ...
Checking file i18n/tr ...
Checking file i18n/tr.utf8 ...
Checking file i18n/zh ...
Checking file i18n/zh.utf8 ...
* FLEX Firewall [#firewall]
We also set up a firewall for FLEX to protect it from any o...
$ sudo ufw enable
By default, we deny all incoming connections and allow a...
$ sudo ufw default deny incoming
$ sudo ufw default allow outgoing
And then, we open some specific standard ports used for c...
$ sudo ufw allow ssh
$ sudo ufw allow ftp
and so on.
We found recently that some ports still can be explored b...
$ sudo ufw deny out 3724
$ sudo ufw deny 40000:60000/tcp
$ sudo ufw deny 40000:60000/udp
To check the firewall status, use the following command:
$ sudo ufw status verbose
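Checking the status by eye works once; a rule set that is supposed to stay fixed should be checked against the intended policy every time. The following is an added example, not part of the original page or of ufw: a POSIX shell script that reads the text of ufw status verbose and verifies the policy stated above (firewall active, default deny incoming, the 40000:60000 TCP and UDP ranges denied inbound, outbound 3724 denied). The two status texts are constructed to approximate ufw's output layout, and the function names (ufw_is_active, ufw_default_incoming, ufw_has_rule, firewall_compliance) are the example's own.

```shell
#!/bin/sh
# Added example, not part of the original page: compare the output of
# "ufw status verbose" with the FLEX policy described on the page, so drift in
# the rule set is reported rather than assumed away. The status texts below
# are constructed to approximate ufw's output format.

# Constructed: a status that matches the policy.
GOOD_STATUS='Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere
21/tcp                     ALLOW IN    Anywhere
40000:60000/tcp            DENY IN     Anywhere
40000:60000/udp            DENY IN     Anywhere
3724                       DENY OUT    Anywhere (out)
'

# Constructed: a drifted status (default incoming is allow, UDP range rule missing).
BAD_STATUS='Status: active
Logging: on (low)
Default: allow (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere
40000:60000/tcp            DENY IN     Anywhere
3724                       DENY OUT    Anywhere (out)
'

# True if the firewall is enabled.
ufw_is_active() {
    printf '%s\n' "$1" | grep -q '^Status: active$'
}

# Print the default incoming policy word (deny, allow or reject).
ufw_default_incoming() {
    printf '%s\n' "$1" | sed -n 's/^Default: \([a-z]*\) (incoming).*/\1/p'
}

# True if the rule table lists To=$2 with action "$3" (e.g. "DENY IN").
ufw_has_rule() {
    printf '%s\n' "$1" | awk -v to="$2" -v act="$3" '
        $1 == to && ($2 " " $3) == act { found = 1 }
        END { exit !found }'
}

# Compare status text $1 against the policy. Prints one FAIL line per
# deviation; the exit status is the number of deviations (0 = compliant).
firewall_compliance() {
    fw_status=$1
    failures=0
    if ! ufw_is_active "$fw_status"; then
        echo "FAIL: ufw is not active"; failures=$((failures + 1))
    fi
    if [ "$(ufw_default_incoming "$fw_status")" != "deny" ]; then
        echo "FAIL: default incoming policy is not deny"; failures=$((failures + 1))
    fi
    # Rules the page's policy requires, as "<To> <ACTION> <DIRECTION>".
    for rule in "40000:60000/tcp DENY IN" "40000:60000/udp DENY IN" "3724 DENY OUT"; do
        to=${rule%% *}
        act=${rule#* }
        if ! ufw_has_rule "$fw_status" "$to" "$act"; then
            echo "FAIL: missing rule: $to $act"; failures=$((failures + 1))
        fi
    done
    if [ "$failures" -eq 0 ]; then
        echo "PASS: rule set matches the FLEX policy"
    fi
    return "$failures"
}

# Demo on the constructed sample. Real use on the host:
#   firewall_compliance "$(sudo ufw status verbose)"
firewall_compliance "$GOOD_STATUS" || :
```

Matching on the To and Action columns rather than on a whole line keeps the check stable across the column widths ufw chooses; extend the rule list when the policy on the page changes.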