Difference between revisions of "Chkrootkit: di ubuntu"

From OnnoWiki
(Created page with "sumber: https://hostpresto.com/community/tutorials/how-to-install-and-use-chkrootkit-on-ubuntu-14-04/ How to Install and Use chkrootkit on Ubuntu 14.04 10th August 2016 1,946...")
 
Line 1: Line 1:
 
sumber: https://hostpresto.com/community/tutorials/how-to-install-and-use-chkrootkit-on-ubuntu-14-04/
 
sumber: https://hostpresto.com/community/tutorials/how-to-install-and-use-chkrootkit-on-ubuntu-14-04/
  
How to Install and Use chkrootkit on Ubuntu 14.04
 
10th August 2016 1,946k
 
Introduction
 
  
Previously we learned how-to install and use rkhunter to check for rootkits on Ubuntu 14.04. In this tutorial we'll learn how to install and use chkrootkit as alternative to check rootkits on Ubuntu 14.04. chkrootkit is a tool to locally detect for signs of a rootkit. It is listed in the top 100 network security tools survey in 2006 released by insecure.org.
 
Install chkrootkit
 
  
We can install chkrootkit from Ubuntu repository using command below:
+
==Install==
  
$ sudo apt-get install chkrootkit
+
apt-get install chkrootkit
  
We need root privileges to run chkrootkit, so we use sudo here to run chkrootkit.
 
  
If any of the output shown below shows as infected, then you need to check:
+
==Jalankan==
  
$ sudo chkrootkit
+
sudo chkrootkit
ROOTDIR is `/'
 
Checking `amd'...                                          not found
 
Checking `basename'...                                      not infected
 
Checking `biff'...                                          not found
 
Checking `chfn'...                                          not infected
 
Checking `chsh'...                                          not infected
 
Checking `cron'...                                          not infected
 
Checking `crontab'...                                      not infected
 
Checking `date'...                                          not infected
 
Checking `du'...                                            not infected
 
Checking `dirname'...                                      not infected
 
Checking `echo'...                                          not infected
 
Checking `egrep'...                                        not infected
 
Checking `env'...                                          not infected
 
Checking `find'...                                          not infected
 
Checking `fingerd'...                                      not found
 
Checking `gpm'...                                          not found
 
Checking `grep'...                                          not infected
 
Checking `hdparm'...                                        not infected
 
Checking `su'...                                            not infected
 
Checking `ifconfig'...                                      not infected
 
Checking `inetd'...                                        not infected
 
Checking `inetdconf'...                                    not found
 
Checking `identd'...                                        not found
 
Checking `init'...                                          not infected
 
Checking `killall'...                                      not infected
 
Checking `ldsopreload'...                                  not infected
 
Checking `login'...                                        not infected
 
Checking `ls'...                                            not infected
 
Checking `lsof'...                                          not infected
 
Checking `mail'...                                          not found
 
Checking `mingetty'...                                      not found
 
Checking `netstat'...                                      not infected
 
Checking `named'...                                        not found
 
Checking `passwd'...                                        not infected
 
Checking `pidof'...                                        not infected
 
Checking `pop2'...                                          not found
 
Checking `pop3'...                                          not found
 
Checking `ps'...                                            not infected
 
Checking `pstree'...                                        not infected
 
Checking `rpcinfo'...                                      not infected
 
Checking `rlogind'...                                      not found
 
Checking `rshd'...                                          not found
 
Checking `slogin'...                                        not infected
 
Checking `sendmail'...                                      not found
 
Checking `sshd'...                                          not infected
 
Checking `syslogd'...                                      not tested
 
Checking `tar'...                                          not infected
 
Checking `tcpd'...                                          not infected
 
Checking `tcpdump'...                                      not infected
 
Checking `top'...                                          not infected
 
Checking `telnetd'...                                      not found
 
Checking `timed'...                                        not found
 
Checking `traceroute'...                                    not found
 
Checking `vdir'...                                          not infected
 
Checking `w'...                                            not infected
 
Checking `write'...                                        not infected
 
Checking `aliens'...                                        no suspect files
 
Searching for sniffer's logs, it may take a while...        nothing found
 
Searching for rootkit HiDrootkit's default files...        nothing found
 
Searching for rootkit t0rn's default files...              nothing found
 
Searching for t0rn's v8 defaults...                        nothing found
 
Searching for rootkit Lion's default files...              nothing found
 
Searching for rootkit RSHA's default files...              nothing found
 
Searching for rootkit RH-Sharpe's default files...          nothing found
 
Searching for Ambient's rootkit (ark) default files and dirs... nothing found
 
Searching for suspicious files and dirs, it may take a while... nothing found
 
Searching for LPD Worm files and dirs...                    nothing found
 
Searching for Ramen Worm files and dirs...                  nothing found
 
Searching for Maniac files and dirs...                      nothing found
 
Searching for RK17 files and dirs...                        nothing found
 
Searching for Ducoci rootkit...                            nothing found
 
Searching for Adore Worm...                                nothing found
 
Searching for ShitC Worm...                                nothing found
 
Searching for Omega Worm...                                nothing found
 
Searching for Sadmind/IIS Worm...                          nothing found
 
Searching for MonKit...                                    nothing found
 
Searching for Showtee...                                    nothing found
 
Searching for OpticKit...                                  nothing found
 
Searching for T.R.K...                                      nothing found
 
Searching for Mithra...                                    nothing found
 
Searching for LOC rootkit...                                nothing found
 
Searching for Romanian rootkit...                          nothing found
 
Searching for Suckit rootkit...                            Warning: /sbin/init INFECTED
 
Searching for Volc rootkit...                              nothing found
 
Searching for Gold2 rootkit...                              nothing found
 
Searching for TC2 Worm default files and dirs...            nothing found
 
Searching for Anonoying rootkit default files and dirs...  nothing found
 
Searching for ZK rootkit default files and dirs...          nothing found
 
Searching for ShKit rootkit default files and dirs...      nothing found
 
Searching for AjaKit rootkit default files and dirs...      nothing found
 
Searching for zaRwT rootkit default files and dirs...      nothing found
 
Searching for Madalin rootkit default files...              nothing found
 
Searching for Fu rootkit default files...                  nothing found
 
Searching for ESRK rootkit default files...                nothing found
 
Searching for rootedoor...                                  nothing found
 
Searching for ENYELKM rootkit default files...              nothing found
 
Searching for common ssh-scanners default files...          nothing found
 
Searching for suspect PHP files...                          nothing found
 
Searching for anomalies in shell history files...          nothing found
 
Checking `asp'...                                          not infected
 
Checking `bindshell'...                                    not infected
 
Checking `lkm'...                                          chkproc: nothing detected
 
chkdirs: nothing detected
 
Checking `rexedcs'...                                      not found
 
Checking `sniffer'...                                      lo: not promisc and no packet sniffer sockets
 
eth0: PACKET SNIFFER(/sbin/dhclient[577])
 
eth1: not promisc and no packet sniffer sockets
 
Checking `w55808'...                                        not infected
 
Checking `wted'...                                          chkwtmp: nothing deleted
 
Checking `scalper'...                                      not infected
 
Checking `slapper'...                                      not infected
 
Checking `z2'...                                            chklastlog: nothing deleted
 
Checking `chkutmp'...                                      chkutmp: nothing deleted
 
Checking `OSX_RSPLUG'...                                    not infected
 
  
Install the Latest Version of chkrootkit
 
  
The chkrootkit version that Ubuntu Trusty Tahr shipped is version 0.49 while the latest version is 0.50. We can use latest version by downloading from chkrootkit website.
+
==Instalasi Versi Terakhir==
  
Download the latest version of chkrootkit :
 
  
$ wget -c ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz
+
wget -c ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz
 +
wget -c ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.md5
  
Download the package md5 hash file.
+
Verifikasi
  
$ wget -c ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.md5
+
md5sum -c chkrootkit.md5  
  
Let's verify that the file we downloaded is not corrupted or tampered with in any way. It should show OK.
+
chkrootkit.tar.gz: OK
 
 
$ md5sum -c chkrootkit.md5
 
chkrootkit.tar.gz: OK
 
  
 
Extract the package.
 
Extract the package.
  
$ tar xzvf chkrootkit.tar.gz  
+
tar xzvf chkrootkit.tar.gz  
chkrootkit-0.50
+
cd chkrootkit-0.50
chkrootkit-0.50/chkproc.c
+
make sense
chkrootkit-0.50/COPYRIGHT
 
chkrootkit-0.50/README.chkwtmp
 
chkrootkit-0.50/chkutmp.c
 
chkrootkit-0.50/chkwtmp.c
 
chkrootkit-0.50/ifpromisc.c
 
chkrootkit-0.50/strings.c
 
chkrootkit-0.50/chklastlog.c
 
chkrootkit-0.50/chkrootkit.lsm
 
chkrootkit-0.50/check_wtmpx.c
 
chkrootkit-0.50/chkdirs.c
 
chkrootkit-0.50/Makefile
 
chkrootkit-0.50/README
 
chkrootkit-0.50/README.chklastlog
 
chkrootkit-0.50/ACKNOWLEDGMENTS
 
chkrootkit-0.50/chkrootkit
 
 
 
Go to extracted directory and compile chkrootkit.
 
  
$ cd chkrootkit-0.50
+
Jalankan
$ make sense
 
  
Now to run chkrootkit you can use command below :
+
sudo ./chkrootkit
  
$ sudo ./chkrootkit
+
Cek Versi
  
To check whether we already get the latest version we can use -V option :
 
  
$ ./chkrootkit -V
+
/chkrootkit -V
chkrootkit version 0.50
 
  
The one installed from Ubuntu repository is still there, we can check the version also by running command below:
+
chkrootkit version 0.50
  
$ chkrootkit -V
+
==Enable Scheduled Check==
chkrootkit version 0.49
 
  
Enable Scheduled Check
+
vi /etc/chkrootkit.conf :
chkrootkit package that comes from Ubuntu repository comes with crontab configuration. The crontab is scheduled to run daily. To enabled the daily check you can open /etc/chkrootkit.conf :
 
  
Replace the first line:
+
Ubah
  
RUN_DAILY="false"
+
RUN_DAILY="false"
  
 
with
 
with
  
RUN_DAILY="true"
+
RUN_DAILY="true"
 
 
Summary
 
 
 
In this tutorial we learned how to install and use chkrootkit on Ubuntu 14.04. We also learned to install the latest version of chkrootkit by downloading the source code and compiling the code to create executable binary. We also learn enabling daily check schedule that comes with chkrootkit package.
 
 
 
Using chkrootkit will help us secure our servers by making sure the server does not have rootkits running.
 
 
 
 
 
  
  

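Review bot: the new side's version-check command under "Cek Versi" reads `/chkrootkit -V`, which drops the leading dot from the old `./chkrootkit -V` and would look for a binary at the filesystem root; it should stay `./chkrootkit -V`. The new side also keeps only one of the two version checks, so it no longer shows that `sudo chkrootkit` (the repository 0.49 found on PATH) and `sudo ./chkrootkit` (the freshly built 0.50) are different binaries; keeping `chkrootkit -V` with its `chkrootkit version 0.49` output next to it would make that explicit. In the Verifikasi step, `chkrootkit.md5` is fetched from the same FTP server as the tarball, so `md5sum -c` only catches a corrupt or truncated download; the old text's claim that it shows the file is "not tampered with" should not be carried over, since an `OK` here is not evidence of authenticity.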
Revision as of 07:49, 13 June 2017

source: https://hostpresto.com/community/tutorials/how-to-install-and-use-chkrootkit-on-ubuntu-14-04/


Install

apt-get install chkrootkit


Run

sudo chkrootkit


Install the Latest Version

wget -c ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz
wget -c ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.md5

Verify

md5sum -c chkrootkit.md5 
chkrootkit.tar.gz: OK

Extract the package.

tar xzvf chkrootkit.tar.gz 
cd chkrootkit-0.50
make sense

Run

sudo ./chkrootkit

Check Version

./chkrootkit -V
chkrootkit version 0.50

Enable Scheduled Check

vi /etc/chkrootkit.conf:

Change

RUN_DAILY="false"

with

RUN_DAILY="true"
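An added triage helper, not part of chkrootkit or of the original page: it reads a scan's output (from a manual run or from the daily job enabled above), keeps only the positive results, drops the known-benign report of the DHCP client holding a packet socket, and exits non-zero when anything is left for a human. The result patterns and the dhclient allow-list are assumptions based on chkrootkit's output format, the script name is hypothetical, and the sample scan is constructed.

```sh
#!/bin/sh
# chkrootkit_triage.sh (hypothetical name): added example, not part of chkrootkit.
# Reads chkrootkit output, keeps positive results, drops a known-benign case,
# and returns 1 when anything is left for a human to review.

# Result strings chkrootkit prints for a positive check (assumed from its output).
FINDING_RE='INFECTED|Warning|PACKET SNIFFER'

# Known-benign on Ubuntu: the DHCP client holds a packet socket, which the
# sniffer check reports. Only that exact program is dropped; any other
# process with a packet socket is still reported.
BENIGN_RE='PACKET SNIFFER\(/sbin/dhclient\['

# Print the scan lines that still need review after benign ones are dropped.
triage_findings() {
    grep -E "$FINDING_RE" | grep -Ev "$BENIGN_RE" || true
}

# Number of lines triage_findings keeps; "0" means a clean scan.
count_findings() {
    triage_findings | grep -c . || true
}

# Constructed sample in chkrootkit's output format (not a real scan).
sample_output() {
    cat <<'EOF'
ROOTDIR is `/'
Checking `ls'...                                            not infected
Searching for Suckit rootkit...                            Warning: /sbin/init INFECTED
Checking `lkm'...                                          chkproc: Warning: Possible LKM Trojan installed
Checking `sniffer'...                                      lo: not promisc and no packet sniffer sockets
eth0: PACKET SNIFFER(/sbin/dhclient[577])
eth1: PACKET SNIFFER(/usr/sbin/tcpdump[1234])
Checking `wted'...                                          chkwtmp: nothing deleted
EOF
}

# Triage a saved scan log; exit status 1 lets cron or a wrapper alert on it.
# Usage: sudo chkrootkit > scan.log; sh chkrootkit_triage.sh scan.log
main() {
    hits=$(triage_findings < "$1")
    if [ -z "$hits" ]; then
        echo "chkrootkit: nothing to review"
        return 0
    fi
    printf 'chkrootkit: review these lines:\n%s\n' "$hits"
    return 1
}

if [ "$#" -gt 0 ]; then
    main "$1"
fi
```

A flagged binary such as /sbin/init should be checked against the package database (for example with `dpkg --verify` on its package) before anything is done about it, and the allow-list should stay this narrow so that a real sniffer is never silenced.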

References