Welcome to Linux Forums! With a comprehensive Linux Forum, information on various types of Linux software and many Linux Reviews articles, we have all the knowledge you need a click away, or accessible via our knowledgeable members.
Find the answer to your Linux question:
New to Linux Forums? Register here for free!
    Linux Forums > GNU Linux Zone > Linux Security > LINUX has a RootKit problem!

Forgot Password?
 Linux Security   Discussion about keeping your machines secure, and the crackers out.

Site Navigation
Linux Articles
Linux Forums
Linux Downloads
Linux Hosting
Free Magazines
Job Board
IRC Chat
RSS Feeds


Linux Forum Topics
Linux Forums
Your Distro
Linux Resources
GNU Linux Zone
The Community
Closed Thread
 
Thread Tools Display Modes
Old 07-07-2003   #1 (permalink)
Just Joined!
 
Join Date: Jul 2003
Posts: 2
LINUX has a RootKit problem!

Linux is not very secure any more!...we had a major attack on one of our linux boxes (redhat) which involved a recompile of the kernel using a rootkit.

None of the freeBSD machines were touched because there seem to be very few rootkits available.

I'd say the major security issue with LINUX is going to be rootkits which really only work because the source is available.

How may rootkits are there for LINUX at the moment?....what would be the best way to protect against such an attack?
neko is offline  


Old 07-07-2003   #2 (permalink)
Linux Engineer
 
kriss's Avatar
 
Join Date: Jun 2003
Posts: 1,113
Shure rootkit's are a pain in the a**, but there are a few tools to track them down. F.x. is "chkrootkit". It scans your whole system, and tells you if anything is wrong.
Also, you have "tripwire" wich runs integrety check's on every file that should not be changed.

Oh, and there is some root kits to windows aswell (read it at an maildng list)
kriss is offline  
Old 07-07-2003   #3 (permalink)
Linux Guru
 
Join Date: Apr 2003
Location: London, UK
Posts: 3,284
Download and install chkrootkit from http://www.chkrootkit.org/

A RootKit does not facility in the initial penitration of your system. A rootkit is used after your machine has been attacked to provide an attacker with an easy "back door" to your system at a later date.

There are plenty of things you can do to help prevent root kits. You may wish to look at security enhanced linux from the NSA: http://www.nsa.gov/selinux/index.html

Also, you should make sure the attacker cannot get a shell on your mahine in the first place. This means turning off EVERYTHING which is not needed, putting a firewall in place, and ensuring those services you do make publicly available on your machine are locked down, and hardened where necessary.

Jason
jasonlambert is offline  
Old 08-16-2003   #4 (permalink)
Just Joined!
 
Join Date: Jul 2003
Posts: 12
why don't you try grsecurity patch ?
you can make an ACL system that only lets the user's (i mean ANY user , even root ) to do a minimum of admin tasks , and that's it. You can hide everything you don't need to see .try it : www.grsecurity.net
patetobg is offline  
Old 08-16-2003   #5 (permalink)
Linux Engineer
 
Giro's Avatar
 
Join Date: Jul 2003
Location: England
Posts: 1,219
I agree with J its not Linux its normally the configuration of the machine which means its normally the admins fault. If you lock down a linux box and update it reguarly its a very secure OS!!
Giro is offline  
Old 08-17-2003   #6 (permalink)
flw
Linux Engineer
 
Join Date: Mar 2003
Location: U.S.A.
Posts: 1,025
Just like windex, if you leave the default config and unpatched with no additonal protection like a firewall, AV (yes even for linux) your going to get hit sooner or later. Only a matter of when.

I've had a bot after one of my linux servers for over two years coming from different ip's but uses the same method/signiture so its clear its original source is the same for all ip's. It just keeps using the same tatic from different rooted servers. I just put the several precautions in place so it keeps banging away once attempt per day over and over. All this from just reading my log files daily. This seems to have become a lost concept which blows my mind. It's only one of several methods all net admin's should use in daily security checks. Some admin's seem to rely solely on IDS to do all the work for them. Artificial intelligence cannot replace human intelligent at this point.

This applies to all variations of linux, windex or netware. I can only assume it applies to other true Unix variations, VMS and other old but still alive Network OS's.
__________________
Dan

\"Keep your friends close and your enemies even closer\" from The Art of War by Sun Tzu\"
flw is offline  
Old 07-27-2009   #7 (permalink)
Just Joined!
 
Join Date: Dec 2006
Posts: 10
Rootkits are a bit of a wory on any system but since the majority of linux machines being activly targeted are servers I would worry more about stuff like PHP web file browsers.
Generally linux usage is so low for desktops and so high for servers that apache is the primary target and if you infect a server with a web file browser you dont have to worry about bypassing firewalls or anything.
If I was into such naughty things as hacking thats what I would do.
Darksat is offline  
Closed Thread


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off

Free Magazines
Run Your Own Web Server Using Linux & Apache - Free 191 Page Preview
Learn about everything you'll need to build and maintain your Linux servers, and to deploy Web applications to them.
subscribe
Open Source Security Myths Dispelled
Dispel the five major myths surrounding Open Source Security and gain the tools necessary to make a truly informed decision for your IT organization
subscribe
InformationWeek
InformationWeek is the only newsweekly you'll need to stay on top of the latest developments in information technology.
subscribe



All times are GMT. The time now is 02:35 AM.






© 2000 - 2009 - All Rights Reserved - Property of  MAS Media

Content Relevant URLs by vBSEO 3.3.0 RC2