nixCraft

Run the chkrootkit program to check signs of a rootkit chkrootkit is a utility or tool to locally check for signs of a rootkit on a Linux server.

Step # 1: Download latest version from www.chkrootkit.org
Use wget command to download chkrootkit program
Step # 2: Untar and build chkrootkit
Step # 3: Run chkrootkit command to check signs of a rootkit
Hope this helps newbie like me out there.

__________________

Unfortunetly it shall only search for pre-known signitures, any new RootKit will not be detectid ... But its good to try anyway.

U can download and use updated database. Also don't forget

http://www.rootkit.nl/
Logcheck and tripwire

__________________

OK, but private rootkits shall never be discovered with this, thats what I ment

__________________
LivE Free 0r DiE
L!nux rul3z aLL

Chk out good info @ http://linuxhelp.blogspot.com/2006/1...otkits-in.html

I prefer not to give shell access to production mail/web server. I also prefer to lock down kernel using SELinux and running all services inside a jail.

__________________
Vivek Gite
Linux Evangelist
Be proud RHEL user, and let the world know about your enterprise choices! Join RedHat user group.
Always use CODE tags for posting system output and commands!
Do you run a Linux? Let's face it, you need help

Also nixCraft use a grSecurity Kernel + if a web server the mod_sec for appache

__________________
LivE Free 0r DiE
L!nux rul3z aLL

Oh yes grsecurity is very good patch. SELinux has its own problem and complicities.

Also don't forget good patch from Linux Intrusion Detection System (lids) kernel level patch.

In case someone else is reading this post,

Grsecurity is here http://www.grsecurity.net/ lids is here http://www.lids.org/ and SELinux is now included in RHEL/CentOS and other disros or download @ http://www.nsa.gov/selinux/

mod_sec does wonders for Apache

__________________
Vivek Gite
Linux Evangelist
Be proud RHEL user, and let the world know about your enterprise choices! Join RedHat user group.
Always use CODE tags for posting system output and commands!
Do you run a Linux? Let's face it, you need help

Yep I use it on my system I have a script some where which downloads and compiles the whole stuff for you, I shall search my HD and see where it is to share it with you.

Really nixCraft this is new to me can you tell us abt it a little more ?

Yep I keep all the russian shells such as shell99 and c99 out of my Servers by mod_sec and of course regex.

__________________
LivE Free 0r DiE
L!nux rul3z aLL