Root Kits for Linux - Ubuntu



Thread: Root Kits for Linux

  1. Root Kits for Linux

    http://www.computerworld.com/action/...intsrc=hm_list

    Are there any anti root kit programs for Ubuntu?
    --
    Alias
    To email me, remove shoes

  2. Re: Root Kits for Linux

    Alias wrote:

    > http://www.computerworld.com/action/...intsrc=hm_list
    >
    > Are there any anti root kit programs for Ubuntu?


    Yes
    --
    Confucius: He who play in root, eventually kill tree.


  3. Re: Root Kits for Linux

    On 2007-10-04, Alias wrote:
    > http://www.computerworld.com/action/...intsrc=hm_list
    >
    > Are there any anti root kit programs for Ubuntu?



    http://linuxhelp.blogspot.com/2006/1...otkits-in.html

    --
    PSK - RLU 452647 http://improve-usenet.org
    Killing GG on Ubuntu, openSUSE, Vista and XP with slrn and Xnews
    ~Nick: People are pigs.
    ~Grissom: Don't insult the pigs, Nick. They're actually very clean.

  4. Re: Root Kits for Linux

    Hello,

    *** Check for and wipe out rootkits from your PC ***

    You can choose between
    http://www.rootkit.nl
    and
    http://www.chkrootkit.org

    I think both are command line tools.

    Run both if you want to be sure, but http://www.rootkit.nl seems to have
    more recent updates.
    --------------

    *** Firewall ***
    Linux has an internal Firewall which is called Iptables/Netfilter.
    Iptables is also the name of a command line tool that lets you modify the
    firewall's rules. I've recently seen that default Ubuntu 7.04/7.10
    comes with empty rule sets for the firewall which I found to be quite
    (maybe not directly dangerous but) odd.

    So you ought to install a Firewall GUI because it will generate some
    default iptables rules to protect your internet life.

    Choose among these firewall GUIs. The newest Linux Format Mag had a
    firewall test. I've reprinted the points they gave to each firewall.

    Desktop:  Firewall GUI:          Points:

    KDE       KMyFirewall            8 of 10 points.
    Any       FireHOL                7/10
    KDE       Guarddog               6/10
    GNOME     Firestarter            6/10
    Any       Firewall builder       3/10
    Any       Shorewall              8/10
    Any       Lokkit/gnome-lokkit    (not tested)

    You can check whether your machine has or has not any firewall rules.
    $ sudo iptables --list

    Study this Ubuntu guide (it shows what the empty rule sets look like)
    https://help.ubuntu.com/community/IptablesHowTo

    !! My urgent recommendation is that you install "firestarter" firewall
    GUI if you run GNOME. Install Guarddog or KMyFirewall if KDE.

    See also;
    $ man iptables
    $ man iptables-save
    $ man iptables-restore

    How to use iptables-save and restore.
    http://www.debian-administration.org/articles/445

    Firestarter guide:
    http://www.fs-security.com/docs/introduction.php

    Cheers,

    // moma
    http://www.futuredesktop.org +
    http://www.futuredesktop.org/kernel.html <-- see you there.



    Alias wrote:
    > http://www.computerworld.com/action/...intsrc=hm_list
    > Are there any anti root kit programs for Ubuntu?


  5. Re: Root Kits for Linux

    On Thu, 04 Oct 2007 11:10:23 +0200, Alias wrote:
    > http://www.computerworld.com/action/...intsrc=hm_list
    >
    > Are there any anti root kit programs for Ubuntu?


    Yes, but you would be better off installing an IDS system.

    Triwire, http://la-samhna.de/samhain/s_documentation.html or
    http://sourceforge.net/projects/aide as examples.

  6. Re: Root Kits for Linux

    On Thu, 04 Oct 2007 14:26:03 GMT, Bit Twister wrote:
    > On Thu, 04 Oct 2007 11:10:23 +0200, Alias wrote:
    >> http://www.computerworld.com/action/...intsrc=hm_list
    >>
    >> Are there any anti root kit programs for Ubuntu?

    >
    > Yes, but you would be better off installing an IDS system.
    >

    Tripwire, http://la-samhna.de/samhain/s_documentation.html or
    http://sourceforge.net/projects/aide as examples.


    --
    The warranty and liability expired as you read this message.
    If the above breaks your system, it's yours and you keep both pieces.
    Practice safe computing. Backup the file before you change it.
    Do a, man command_here or cat command_here, before using it.

  7. Re: Root Kits for Linux

    On Thu, 04 Oct 2007, in the Usenet newsgroup alt.os.linux.ubuntu, in article
    , moma wrote:

    >Alias wrote:


    [golly-gee URL deleted]

    Although Linux has long been considered more secure than Windows,
    many of the programs that run on top of Linux have known security
    vulnerabilities, and if an attacker were to exploit an unpatched bug
                                                           ^^^^^^^^^^^^^
    on a misconfigured system, he could seize control of the machine.
    ^^^^^^^^^^^^^^^^^^^^^^^^^

    >Are there any anti root kit programs for Ubuntu?


    --------------------
    Installing a recent version of common_sense.exe should prevent programs
    from "installing themselves". (Thor Kottelin in c.s.m.)
    --
    "common_sense.exe" isn't installed - it makes it harder to hit the icon
    that says "Click Here to get your system screwed", and users get frustrated
    when that happens. Microsoft says that would reduce their profits.
    --------------------

    'common_sense.exe' should be installed on the _user_

    A lot of people think that there is a Mal-ware Fairy that flitters around
    and when they aren't looking, it waves its magic wand, and p00f! Your
    system is just filled with mal-ware, and you didn't do ANYTHING!!!

    >*** Check for and wipe out rootkits from your PC ***
    >
    >You can choose between
    >http://www.rootkit.nl
    >and
    >http://www.chkrootkit.org
    >
    >I think both are command line tools.


    So you haven't bothered to actually _look_ at these so-called tools?

    >Run both if you want to be sure, but http://www.rootkit.nl seems to
    >have more recent updates.


    You may want to spend a few minutes using a search engine and discover
    how many people actually report finding root-kits using these tools,
    compared to how many people report them finding something that turns
    out to be a well documented error by the tool. What - someone actually
    expects you to LOOK at what you are installing and running in a
    privileged mode??? Last time I looked (a week ago), the "current"
    version of chkrootkit was 0.47 from 10/10/2006. For rkhunter, version
    1.2.9 was officially current (dated 30/09/2006), and a version 1.3.0
    was in beta (the version I looked at doesn't bother including dates in
    the Changelog file, but the script itself was dated 22/09/2007).

    Depending on tools that are poorly written and based on incompletely
    thought out concepts is one reason boxes get r00ted in the first place.
    These are both rather extensive Bourne shell scripts, that attempt to
    look for some indications that have been seen in the past (as much as
    7 _years_ ago) and hope that the mal-ware authors haven't thought
    to make even elementary changes - like changing a filename from
    /tmp/.../a to /tmp/.../b - who would EVER think of something so
    clever?

    Bottom line: both tools are a waste of CPU cycles.

    >*** Firewall ***
    >Linux has an internal Firewall which is called Iptables/Netfilter.
    >Iptables is also the name of a command line tool that lets you modify the
    >firewall's rules. I've recently seen that default Ubuntu 7.04/7.10
    >comes with empty rule sets for the firewall which I found to be quite
    >(maybe not directly dangerous but) odd.


    /bin/netstat -anptu

    Does that show anything listening to ANYTHING other than 127.0.0.x?
    If so, why?

    >So you ought to install a Firewall GUI because it will generate some
    >default iptables rules to protect your internet life.


    No idea what the rules are, what they may do or may NOT do, but you
    will have some rules, and that must be good for something... right?

    And then people wonder why their box got 0wn3d.

    Old guy
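
Added example, not part of the original thread: a filter for the `/bin/netstat -anptu` check in the last post, listing only the sockets that accept traffic on something other than a loopback address, with the owning program. The function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: report sockets accepting traffic on non-loopback addresses.
# Live use (root needed to see owning programs): netstat -anptu | nonlocal_listeners

# Constructed sample of `netstat -anptu` output so the example runs offline.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      812/cupsd
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      701/sshd
tcp        0      0 192.168.1.10:22         192.168.1.50:51234      ESTABLISHED 1502/sshd: user
tcp6       0      0 ::1:631                 :::*                    LISTEN      812/cupsd
tcp6       0      0 :::80                   :::*                    LISTEN      950/apache2
udp        0      0 0.0.0.0:68              0.0.0.0:*                           640/dhclient
udp        0      0 127.0.0.1:53            0.0.0.0:*                           655/dnsmasq
EOF
}

# Reads netstat output on stdin; prints "proto local-address owner" per exposed socket.
nonlocal_listeners() {
    awk '
        $1 ~ /^(tcp|udp)/ {
            if ($1 ~ /^tcp/) {
                if ($6 != "LISTEN") next        # skip established/closing connections
                owner = $7
            } else {
                if ($5 !~ /:\*$/) next          # UDP: keep only unconnected (wildcard peer)
                owner = $6                      # UDP rows have an empty State column
            }
            addr = $4
            sub(/:[^:]*$/, "", addr)            # strip the trailing :port
            if (addr ~ /^127\./ || addr == "::1" || addr ~ /^::ffff:127\./) next
            if (owner == "") owner = "-"
            print $1, $4, owner
        }'
}

sample_netstat | nonlocal_listeners
```

Each line it prints is a service reachable from the network unless a firewall rule blocks it, so each one should map to a program that is meant to be running.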
