Grow Up your Linux Security

February 24, 2010 3 comments

Thanks to nitot for this nice picture

Hi people… Nice picture, isn’t it? By the way, it isn’t completely true… Let me explain my thoughts in more detail.

If you are a Linux user you are protected from viruses, but you should be aware of rootkits… They are worse than viruses, because they can open backdoors that malicious people could use to read your data, delete precious files and, in the worst cases, retrieve your account passwords and become root, using the full power of your PC.

For example, if you aren’t able to check your logs (because they were deleted), that should ring an alarm bell… Something is trying to hide its actions from your eyes.

The best approach is to prevent these situations by setting up a good firewall policy, using software like Fail2Ban (which automatically checks your logs, looking for login errors or other strange situations) and using a rootkit checker such as RKHunter.

RKHunter scans your system looking for rootkits and other types of exploits. It can do the following useful things:

  • MD5 hash check
  • Looking for files often used by rootkits
  • Looking for wrong binary file permissions
  • Looking for suspicious strings in LKM and KLD modules
  • Looking for hidden files

So my advice is to install RKHunter right after a clean installation of your Linux system, and then schedule automatic updates and checks. You can do this simply by editing /etc/crontab to schedule routine actions.

Install RKHunter:

# cd /opt
# wget -O rkhunter-1.3.6.tar.gz "http://sourceforge.net/projects/rkhunter/files/rkhunter/1.3.6/rkhunter-1.3.6.tar.gz/download?use_mirror=autoselect"
# tar xfvz rkhunter-1.3.6.tar.gz
# cd rkhunter-1.3.6
# ./installer.sh --layout default --install
# cd ..
# rm -r rkhunter-1.3.6

Update RKHunter:

# rkhunter --update
# rkhunter --propupd

RKHunter Scan:

# rkhunter -c [--createlog] [--skip-keypress]
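
One way to schedule the update and scan from /etc/crontab, as suggested above, and to treat a missing scan log as an alarm. This is an added example, not part of the original post; the script path, the schedule, the log location /var/log/rkhunter.log and the "Warning" match are assumptions.

```shell
#!/bin/sh
# Added example: nightly RKHunter job driven from /etc/crontab.
# Hypothetical script path and schedule (constructed):
#   30 3 * * * root /usr/local/sbin/rkhunter-nightly.sh --run
# Assumption: rkhunter writes its log to /var/log/rkhunter.log.
LOG=${RKHUNTER_LOG:-/var/log/rkhunter.log}

# triage_log FILE [STAMP] prints a one-line verdict and returns
#   0 = log present and free of "Warning" lines
#   1 = log contains "Warning" lines
#   2 = log missing, empty, or not newer than STAMP (the "alarm bell" case)
triage_log() {
    file=$1
    stamp=${2:-}
    if [ ! -s "$file" ]; then
        echo "ALERT: scan log $file is missing or empty"
        return 2
    fi
    if [ -n "$stamp" ] && [ -z "$(find "$file" -newer "$stamp" 2>/dev/null)" ]; then
        echo "ALERT: scan log $file was not written by this run"
        return 2
    fi
    warnings=$(grep -c 'Warning' "$file" || true)
    if [ "$warnings" -gt 0 ]; then
        echo "WARN: $warnings warning line(s) in $file"
        return 1
    fi
    echo "OK: no warnings in $file"
}

run_scan() {
    stamp=$(mktemp) || return 2
    # Refresh rkhunter's data files; its exit status is ignored on purpose.
    rkhunter --update >/dev/null 2>&1
    # --propupd is deliberately absent: re-baselining file properties from cron
    # would silently accept a tampered binary as the new known-good state.
    rkhunter -c --skip-keypress >/dev/null 2>&1
    verdict=$(triage_log "$LOG" "$stamp"); rc=$?
    rm -f "$stamp"
    # Stay silent when clean so cron only sends mail when something needs a look.
    [ "$rc" -eq 0 ] || echo "$verdict" >&2
    return "$rc"
}

# Scan only when called with --run, so the functions can be sourced and tested.
if [ "${1:-}" = "--run" ]; then
    run_scan
    exit $?
fi
```

Run rkhunter --propupd by hand only after package changes you made yourself, so the baseline the nightly scan compares against stays trustworthy.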

Some Links:

RKHunter Official Site

CHKRootkit (Another great tool, you can use it with RKHunter)

Author of the picture below (Nitot)
