
Scan for Trojan Horses freezes my server

Discussion in 'General Discussion' started by chmod, May 5, 2004.

  1. chmod

    Hi, this is the second time in two weeks this has happened but not every time after running Scan for Trojan Horses. My server freezes and I have to get the data center to reboot the machine.

    WHM 9.2.0 cPanel 9.2.0-R24
    RedHat 9 - WHM X v2.1.2

    Any ideas?

    Thanks

    chmod
     
  2. bamasbest

    How much RAM is installed? What type of processor? Do all of your partitions have ample free space?
     
  3. chmod

    Hi, it's a:

    Intel P4 3.0 Ghz CPU
    1 GB PC3200 DDR SDRAM

    2 x 120Gb RAID 1


    Filesystem  Type   Size   Used  Avail  Use%  Mounted on
    /dev/md5    ext3   2.0G   235M  1.7G   13%   /
    /dev/md2    ext3   94G    311M  89G    1%    /home
    none        tmpfs  497M   0     497M   0%    /dev/shm
    /dev/md1    ext3   1012M  33M   928M   4%    /tmp
    /dev/md6    ext3   4.0G   963M  2.8G   26%   /usr
    /dev/md4    ext3   2.0G   331M  1.6G   18%   /usr/local
    /dev/md3    ext3   6.0G   82M   5.6G   2%    /var


    cheers
    chmod
     
  4. chirpy

    I really would not bother with that option - it is basically useless anyway. The command is extremely CPU/Memory/IO intensive and its results are next to useless. All it is doing is an rpm compare on every single file in every single product that has been installed via rpm.

    So, for starters just don't run it. I would suspect that either your server cannot cope with the load, or you have a corrupt rpm database.

    Secondly, install:
    http://www.chkrootkit.org
    http://www.rootkit.nl/projects/rootkit_hunter.html
    Tripwire for your OS

    These will give you a much better idea of files changed on your server.
     
  5. chmod

    Thanks, I installed chkrootkit earlier today and have it running and emailing me the results daily. Do you think Rootkit Hunter is also required? I'm looking at Tripwire pages right now.

    cheers

    chmod
     
  6. chirpy

    Rootkit Hunter does things that chkrootkit doesn't and vice-versa, so they help fill the gaps in each of the apps.
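
An added example, not part of the thread and not cPanel's code: assuming the "rpm compare" described above corresponds to `rpm -V` verification, this script runs it at low CPU priority on named packages only and filters the output down to missing files and non-config files whose digest changed. The function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: scoped, low-priority rpm verification with triage.
# Function names and sample data are hypothetical, not from the thread.

# Verify only the packages named on the command line, at the lowest CPU
# priority, instead of every file of every installed package.
verify_pkgs() {
    nice -n 19 rpm -V "$@"
}

# Read `rpm -V` lines on stdin and keep only what deserves a look:
#   - files reported as missing
#   - files whose digest changed ("5" in position 3 of the attribute
#     string), unless rpm marks them as config ("c"), where local
#     edits are expected.
triage_verify() {
    awk '
        {
            # The attribute string never contains "/", so the first "/"
            # on the line starts the path (this keeps paths with spaces).
            path = substr($0, index($0, "/"))
        }
        $1 == "missing" { print "MISSING " path; next }
        substr($1, 3, 1) == "5" {
            if ($2 == "c") next
            print "CHANGED " path
        }
    '
}

# Constructed sample of `rpm -V` output (not taken from a real server).
SAMPLE='S.5....T.  c /etc/ssh/sshd_config
S.5....T.    /bin/ls
.......T.    /usr/bin/top
missing     /usr/sbin/lsof
.M.......    /var/log/example'

triage_sample() {
    printf '%s\n' "$SAMPLE" | triage_verify
}

triage_sample
```

On a live server the pipeline would be `verify_pkgs coreutils procps | triage_verify`, with package names chosen by the administrator. `rpm -V` checks files against the local rpm database, so a baseline kept off the server (the role Tripwire plays in the advice above) remains the stronger check.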
     