Linux Server Hacks, Volume Two
by William von Hagen, Brian K. Jones
December 2005
Content level: Beginner
480 pages
13h 27m
English
O'Reilly Media, Inc.
Content preview from Linux Server Hacks, Volume Two

Hack #68. Check for Rootkits and Other Attacks

Let chkrootkit automatically check your externally facing machines for rootkits and other attacks.

A rootkit is a software package that enables an unauthorized user to obtain root or administrative privileges on a machine. Rootkits are usually installed by exploiting a known security problem. Once installed, they can capture passwords, monitor system status, send system authentication information to other hosts, and even execute programs at scheduled intervals.

While rootkits are conceptually quite interesting, being "rooted" (the term for being compromised such that unauthorized people have root access to your system) is not. Luckily, just as there are plenty of scripts that automate installing rootkits, there are also some great software packages that detect rootkits and identify compromised systems and applications. Some packages, such as Tripwire [Hack #66] and Afick [Hack #67], generally monitor file sizes and signatures and let you know if something has changed that shouldn't have. This hack explores chkrootkit, one of the most powerful and popular software packages for actually detecting rootkits themselves, and discusses how to install and use it to detect and close down invasions.

Types of Rootkits

Linux rootkits work in various ways, usually as kernel modules, user-space software packages that replace system binaries, or a combination of both. Kernel rootkits insert loadable kernel modules that replace system calls with hacked ...


ISBN: 0596100825