Hello,
I have been tasked with checking some Solaris servers to see if root kits had been installed. I am told there are utilites to that. Has anyone heard of such a thing and know where I can find it?
Printable View
Hello,
I have been tasked with checking some Solaris servers to see if root kits had been installed. I am told there are utilites to that. Has anyone heard of such a thing and know where I can find it?
damn.....
ok, lets try again...
http://www.google.com/search?hl=en&l...=Google+Search
First 5 of 4660 resluts...
chkrootkit
rootkit detector
anti-rootkit
check rootkit
rootkit-check
Interesting point, if you dont know what a root kit is, why are you being tasked to check for it? and why do you want to find one?
I can understand if you want to learn how one works.... just wondering. no offense, but it sounds a little strange that you get tasked to "find them on some solaris servers", dont know what they are, and in the same breath want to find one....*shrug*
I should have explained myself a little better. I am looking for your opinions as to the best one. I had searched google and found many, but to save time and get this accomplished quickly I wanted the best one. I am new to sys admin duties and it was suggested that one or all of our servers could possibly be owned and being used to attack others. I just learned the term "root kit" the other day. So yes, i do want to find out how they work, how someone could have got one installed on our servers, if at all and how detect and clean them from my systems. I am unix literate to a small degree but still learning all I can.
That is why I posted in the Newbie section.
Thanks for your help.
The best one? No idea. I use tripwire to make sure that nothing gets a rootkit installed. If one does get installed, I know about it immediately, and take down the server....
A root kit installs a back door on your system, and modifies some of the programs, so that when you log in on the backdoor, you are completely undected (who doesn't work, no logs, etc etc.) To install one, someone has to take over root.
BEST thing is to start with known clean box then install Tripwire to check for altered files :).Quote:
Originally posted here by souleman
The best one? No idea. I use tripwire to make sure that nothing gets a rootkit installed. If one does get installed, I know about it immediately, and take down the server....
A root kit installs a back door on your system, and modifies some of the programs, so that when you log in on the backdoor, you are completely undected (who doesn't work, no logs, etc etc.) To install one, someone has to take over root.
Great idea going forward and once I rebuild these boxes I will do that. However, right now I need to verify if any of these servers have been compromised so I know what info may be compromised.
Thanks for everyone's help
tripwire, huh? I have to start playin with *nix. :)
it sounds so much better than windows.
It would have been much better to explain this earlier, in words, rather than just coming out and tersely asking for a way to check for rootkits. More information up front tends to get more useful information later, here.Quote:
Originally posted here by bxrluvr
I should have explained myself a little better. I am looking for your opinions as to the best one. I had searched google and found many, but to save time and get this accomplished quickly I wanted the best one. I am new to sys admin duties and it was suggested that one or all of our servers could possibly be owned and being used to attack others. I just learned the term "root kit" the other day. So yes, i do want to find out how they work, how someone could have got one installed on our servers, if at all and how detect and clean them from my systems. I am unix literate to a small degree but still learning all I can.
That is why I posted in the Newbie section.
Thanks for your help.
Unfortunately, I must echo what others have already said... a known-good machine (ie. fresh install FREE from any networks) coupled with a Tripwire instance is your best bet.
Oh my, avenger_jcc. You mean you've never tried *nix?Quote:
tripwire, huh? I have to start playin with *nix.
it sounds so much better than windows.
Not even once?
*shudder* I'm sorry...I had no idea. Please accept my deepest condolences, and a gift for your suffering:
http://www.linuxiso.org/ :D
All your friends are doing it.