
check for trojans

Discussion in 'General Discussion' started by chadi, Jul 25, 2004.

  1. chadi

    chadi BANNED

    Joined:
    Apr 20, 2004
    Messages:
    415
    Likes Received:
    0
    Trophy Points:
    0
    I'm doing a check for trojans (first time on this server) and got a few "possible trojan - /usr/bin/whatever".

    What would that mean exactly? If it is a Trojan, how will I be able to delete it?
     
  2. sawbuck

    sawbuck Well-Known Member

    Joined:
    Jan 18, 2004
    Messages:
    1,367
    Likes Received:
    5
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    If you are checking in WHM there are a number of false positives. Better to use rkhunter and/or chkrootkit.
     
  3. chadi

    chkrootkit is the actual command line?
     
  4. sawbuck

  5. chadi

    I tried chkrootkit. One step it says "make sense"

    I typed that and got

    make: Nothing to be done for `sense'.

    Why?
     
  6. sawbuck

    Did you try to run ./chkrootkit?
    Try rkhunter instead.
     
  7. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    If you already typed just make then everything that make sense does has already been done. As sawbuck says, you should be able to run ./chkrootkit from within that directory.

    The Trojan checker in WHM is completely useless, based on a flawed mechanism in rpm that really isn't much help. The two apps mentioned do a far better job, though you ought to use an IDS, such as tripwire, too.
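
An added example, not part of the thread and not code from any tool named in it: a minimal baseline-and-compare integrity check in shell, the idea behind file-integrity checkers such as tripwire. The function names `fim_baseline` and `fim_check` and the sample files are assumptions made up for the illustration.

```shell
#!/usr/bin/env bash
# Added illustration (not from the thread): baseline-and-compare integrity check.
# fim_baseline / fim_check are hypothetical helper names.

# Record a SHA-256 hash for every regular file under DIR into DB.
# Keep DB outside DIR, ideally on read-only or offline media.
fim_baseline() {
    local dir=$1 db=$2
    find "$dir" -type f -print0 | xargs -0 -r sha256sum > "$db"
}

# Compare DIR against DB. Prints CHANGED/MISSING/NEW <path> lines, sorted,
# and returns 1 if anything differs, 0 if the tree matches the baseline.
fim_check() {
    local dir=$1 db=$2 now out
    now=$(mktemp)
    fim_baseline "$dir" "$now"
    out=$(awk '
        { hash = $1; sub(/^[^ ]+  /, "") }        # $0 is now just the path
        FILENAME == ARGV[1] { old[$0] = hash; next }
        { seen[$0] = 1 }
        !($0 in old)     { print "NEW " $0; next }
        old[$0] != hash  { print "CHANGED " $0 }
        END { for (p in old) if (!(p in seen)) print "MISSING " p }
    ' "$db" "$now" | sort)
    rm -f "$now"
    if [ -n "$out" ]; then
        printf '%s\n' "$out"
        return 1
    fi
    return 0
}

# Constructed demo: a throwaway directory stands in for /usr/bin.
demo=$(mktemp -d)
printf 'original\n' > "$demo/ls"
printf 'original\n' > "$demo/ps"
fim_baseline "$demo" "$demo.db"
printf 'modified\n' > "$demo/ls"    # content changed after the baseline
rm "$demo/ps"                       # file removed
printf 'extra\n' > "$demo/top"      # file added
fim_check "$demo" "$demo.db" || echo "integrity check failed"
rm -rf "$demo" "$demo.db"
```

The baseline is only meaningful if it was taken while the system was known to be clean and has been stored where a compromised host cannot rewrite it.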
     