
Grow Up your Linux Security

February 24, 2010

Thanks to nitot for this nice picture

Hi people… Nice picture, isn’t it? By the way, it isn’t completely true… Let me explain my thoughts in more detail.

If you are a Linux user you are protected from viruses, but you should be aware of rootkits… They are worse than viruses, because they can open backdoors that malicious people could use to read your data or delete precious files; in the worst cases they could retrieve your account passwords and become root, using the full power of your PC.

For example, if you can’t check your logs (because they were deleted), treat it as an alarm bell… Something is trying to hide its actions from you.

The best approach is to prevent these situations by setting up a good firewall policy, using software like Fail2Ban (which automatically checks your logs for login errors or other strange situations) and using a rootkit checker such as RKHunter.

RKHunter scans your system for rootkits and other types of exploits. It performs the following useful checks:

  • MD5 hash check
  • Looking for files often used by rootkits
  • Looking for wrong binary file permissions
  • Looking for suspicious strings in LKM and KLD modules
  • Looking for hidden files

So my advice is to install RKHunter right after a clean installation of your Linux system, and then schedule automatic updates and checks. You can do this simply by editing /etc/crontab to schedule routine actions.

Install RKHunter:

# cd /opt
# wget -O rkhunter-1.3.6.tar.gz "http://sourceforge.net/projects/rkhunter/files/rkhunter/1.3.6/rkhunter-1.3.6.tar.gz/download?use_mirror=autoselect"
# tar xzvf rkhunter-1.3.6.tar.gz
# cd rkhunter-1.3.6
# ./installer.sh --layout default --install
# cd ..
# rm -rf rkhunter-1.3.6

Update RKHunter:

# rkhunter --update
# rkhunter --propupd

RKHunter Scan:

# rkhunter -c [--createlog] [--skip-keypress]
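
The scheduled update and check advised above, as an added example that is not part of the original post: a small wrapper meant to be called from /etc/crontab. The script name, REPORT_DIR, the schedule and the rkhunter_nightly function are assumptions; --cronjob and --report-warnings-only are rkhunter options the post does not show.

```shell
#!/bin/sh
# Added example (not from the original post): nightly rkhunter job for cron.
# Assumed names: RKHUNTER, REPORT_DIR and rkhunter_nightly are illustrative.
RKHUNTER="${RKHUNTER:-rkhunter}"
REPORT_DIR="${REPORT_DIR:-/var/log/rkhunter-reports}"

rkhunter_nightly() {
    report="$REPORT_DIR/rkhunter-$(date +%Y%m%d).txt"
    mkdir -p "$REPORT_DIR" || return 2
    chmod 700 "$REPORT_DIR"          # findings are sensitive: owner only

    # Refresh rkhunter's data files. The exit status is not used as an
    # alert signal; only the check below decides whether to report.
    "$RKHUNTER" --update >/dev/null 2>&1 || true

    # Deliberately NOT calling --propupd here: re-baselining from cron would
    # silently accept a tampered binary. Run it by hand after updates you
    # have verified yourself.

    # --cronjob: non-interactive check; --report-warnings-only: findings only.
    out=$("$RKHUNTER" --cronjob --report-warnings-only 2>&1) \
        && status=0 || status=$?

    if [ "$status" -ne 0 ] || [ -n "$out" ]; then
        { echo "rkhunter exit status: $status"; echo "$out"; } > "$report"
        echo "$report"               # cron mails this path to MAILTO
        return 1
    fi
    return 0
}

# Run only when executed under the assumed script name, not when sourced.
case "${0##*/}" in
    rkhunter-nightly.sh) rkhunter_nightly ;;
esac

# Matching /etc/crontab line (path and schedule are assumptions):
# 30 3 * * * root /usr/local/sbin/rkhunter-nightly.sh
```

A missing or empty report directory after the job was due is itself worth investigating, for the same reason as deleted logs.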

Some Links:

RKHunter Official Site

CHKRootkit (Another great tool, you can use it with RKHunter)

Author of the picture below (Nitot)

  1. Rev
    April 20, 2010 at 6:13 am | #1

    Hi Mirko
    I want to ask you about something related to Samba. (But I don't know where and how?)

    • April 20, 2010 at 7:18 am | #2

      Hi Rev, nice to meet you.
      You can send me an e-mail at mirko[dot]bonadei [at] gmail [dot] com

  2. Rev
    April 22, 2010 at 3:36 am | #3

    thanks
