
RootKits

Discussion in 'General Discussion' started by mickalo, Jul 6, 2007.

  1. mickalo

    Hello,

    We've been using Rootkit Hunter V.1.2.9 for some time and it seems to work well, but there haven't been updates for quite some time, over a year now. Are there other rootkit scanners that work as well, or better, that are more up to date and can be used on cPanel boxes?

    Thx's
    Mickalo
     
  2. mtindor

    Try chkrootkit - http://www.chkrootkit.org/

    Mike
     
  3. nyjimbo

    Weird how that one hasn't been updated in over 8 months. Somebody out there must have something better.

    Does anyone know if the antivirus packages for servers (Linux/FreeBSD), like the one from AVG (Grisoft), do rootkit-type detection or if it's just a standard Windows virus scanner?
     
  4. jerrybell

    I don't believe the rootkit world changes as fast as the virus and exploit world. Having said that, it does seem like it changes faster than once a year.

    In my other life, I work for a big infosec company, and as I think about it, I can't come up with any commercial vendors that produce a rootkit detection/removal tool.

    Seems like maybe an untapped market...
     
  5. WebHostDog

    rkhunter works perfectly. They do not have a new version, but they update their databases with new signs, etc.
    To update it:


    rkhunter --update



    Thanks,
     
  6. mickalo

    Yes, we do run the update daily via cron.

    thx's
    Mickalo
     
  7. cooldude7273

    rkhunter 1.3.0 is in development and should be out "this summer" according to their mailing lists.
     
  8. mickalo

    Glad to hear that. It's an excellent security tool to have on the server ;)

    Mickalo
     
  9. nyjimbo

    Just got this in email:

    Hello all,

    To attract more testers the Rootkit Hunter project team is happy to
    announce the beta release of 1.3.0.

    http://rkhunter.sourceforge.net/

    Given the timeframe between releases the changelog is packed
    listing 34 new features, 47 changes and 16 bugfixes. To name a few:

    - New command-line option '--propupd' replaces 'hashupd.sh'.
    - New command-line option '--pkgmgr' supporting RPM, Dpkg and
    BSD-style package managers.
    - New command-line option '--hash' to select the hash function
    command for the file hash value check and the properties update.
    - Added support for Ubuntu, and the 'dash' and 'ash' shells.
    - Added basic internationalization (i18n) functionality.
    - Added two new command-line and configuration file options,
    '--enable' and '--disable' to specify which tests are to be carried
    out and which are to be ignored.
    - Added support for Solaris 10 inetd mechanism (inetadm).
    - Application version numbers can now be whitelisted. This caters
    for those distributions that may patch a 'known bad' version, but
    without updating the original version number.


    There's much, much more. Please see the changelog for details on
    all the features, changes and bugfixes.

    My sincere thanks to all who made and make this project and this
    release possible. While there are many known and unknown
    contributors, and all constructive support is viewed as equally
    important, I would like to thank John Horne by name. Without his
    efforts many improvements and features would not have been
    introduced *at all*.


    Best regards, unSpawn

    ------------------------------------------
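
The following is an added example, not part of the thread and not rkhunter's code. It shows the idea behind the '--propupd' and '--hash' items in the announcement above: record a hash baseline for chosen files with a selectable hash command, then report files that have changed or gone missing. The function names `propupd` and `hashcheck` and the database format are assumptions made for this example.

```shell
#!/bin/sh
# Added illustration: file-hash baseline ("properties update") and check.
# Function names and the "hash  path" database format are hypothetical.

# propupd HASH_CMD DB FILE... : write one "hash  path" line per regular file.
propupd() {
    hash_cmd=$1; db=$2; shift 2
    command -v "$hash_cmd" >/dev/null 2>&1 ||
        { echo "no such hash command: $hash_cmd" >&2; return 2; }
    : > "$db" || return 1
    chmod 600 "$db"                      # baseline readable by owner only
    for f in "$@"; do
        [ -f "$f" ] || continue
        h=$("$hash_cmd" < "$f" | awk '{print $1}')
        printf '%s  %s\n' "$h" "$f" >> "$db"
    done
    return 0
}

# hashcheck HASH_CMD DB : print MISSING/CHANGED lines for files that differ
# from the baseline. Returns 0 if all match, 1 otherwise.
hashcheck() {
    hash_cmd=$1; db=$2; rc=0
    while read -r want file; do          # paths with newlines not supported
        if [ ! -f "$file" ]; then
            echo "MISSING $file"; rc=1; continue
        fi
        got=$("$hash_cmd" < "$file" | awk '{print $1}')
        if [ "$got" != "$want" ]; then echo "CHANGED $file"; rc=1; fi
    done < "$db"
    return $rc
}

# Constructed demo: baseline two sample files, then alter one of them.
demo_dir=$(mktemp -d)
printf 'original\n' > "$demo_dir/ls"
printf 'original\n' > "$demo_dir/ps"
propupd sha256sum "$demo_dir/db" "$demo_dir/ls" "$demo_dir/ps"
printf 'tampered\n' > "$demo_dir/ps"
hashcheck sha256sum "$demo_dir/db" || echo "baseline mismatch detected"
rm -rf "$demo_dir"
```

A baseline like this is only meaningful if it is taken on a system known to be clean and kept where an intruder cannot rewrite it.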
     
