Scan for Trojan Horses freezes my server

[chmod]

Hi, this is the second time in two weeks this has happened but not every time after running Scan for Trojan Horses. My server freezes and I have to get the data center to reboot the machine.

WHM 9.2.0 cPanel 9.2.0-R24
RedHat 9 - WHM X v2.1.2

Any ideas..

Thanks

chmod

 

[bamasbest]

How much RAM is installed? What type of processor? Do all of your partitions have ample free space?

 

[chmod]

Hi, its a:

Intel P4 3.0 Ghz CPU
1 GB PC3200 DDR SDRAM

2 x 120Gb RAID 1


Filesystem Type Size Used Avail Use% Mounted on
/dev/md5 ext3 2.0G 235M 1.7G 13% /
/dev/md2 ext3 94G 311M 89G 1% /home
none tmpfs 497M 0 497M 0% /dev/shm
/dev/md1 ext3 1012M 33M 928M 4% /tmp
/dev/md6 ext3 4.0G 963M 2.8G 26% /usr
/dev/md4 ext3 2.0G 331M 1.6G 18% /usr/local
/dev/md3 ext3 6.0G 82M 5.6G 2% /var


cheers
chmod

 

[chirpy]

I really would not bother with that option - it is basically useless anyway. The command is extremely CPU/Memory/IO intensive and its results are next to useless. All it is doing is an rpm compare on every single file in every single product that has been installed via rpm.

So, for starters just dont' run it. I would suspect that either your server cannot cope with the load, or you have a corrupt rpm database.

Secondly, install:
http://www.chkrootkit.org
http://www.rootkit.nl/projects/rootkit_hunter.html
Tripwire for your OS

These will give you a much better idea of files changed on your server.

 

[chmod]

Thanks, I installed chkrootkit earlier today and have it running and emailing me the results daily, do you think rootkit hunter is also required. I`m looking at Tripwire pages right now.

cheers

chmod

 

[chirpy]

Rootkit Hunter does things that chkrootkit doesn't and vice-versa, so they help fill the gaps in each of the apps.