Hello,
I have a question about a rootkit, actually the one my friend's business has. For certain reasons he does not want to reinstall the software, and he was dumb and didn't have a backup. He lives 200 miles away and I set up the server for him a long time ago. He does not know much about Linux; the box just sits there and does what he needs. If any changes need to be made I SSH into it and do whatever. Since I can't get access to the machine, I need to take care of this the hard way.
I know he has a rootkit, because he has some tools like 'ls' that are working strangely, and the root password changed on its own. How can I find what tools have been corrupted? Also, how can I find the rootkit source code? Is there a certain directory it is stored in, or will a find or grep command be able to find it with certain keywords? He has taken it offline and I can SSH to it from a different machine on his network. I will be going there in about 6 weeks to run a rootkit detection tool on it, but I want to check and see the extent of the damage and to learn for myself more about rootkits.
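On the question of which binaries have been replaced: a tampered `ls` no longer matches the hash of the original, so a manifest of hashes recorded from a known-good system of the same distro and package versions will flag it. The script below is an added example, not something posted in this thread; the `make_manifest` and `check_manifest` function names, the `/bin/ls`, `/bin/ps` and `/bin/netstat` paths and the constructed "clean" and "suspect" trees are all illustrative. The important caveat is that on a rooted host the kernel, `sha256sum`, `find` and `ls` may all lie, so run a check like this from a rescue environment with the suspect disk mounted read-only, or at least with statically linked tools copied in from a clean machine, not with the host's own binaries over SSH.

```sh
#!/bin/sh
# Added example: detect replaced binaries by comparing them against a
# hash manifest recorded from a known-good system. Not from the thread.
# Caveat: a rootkit can hide files and trojan the hashing tools themselves;
# run from a rescue environment or with known-good static binaries.

# make_manifest ROOT PATH...
# Prints "<sha256>  <path>" for each PATH found under ROOT, where ROOT is
# a clean install of the same distro/package versions ("" for the live root).
make_manifest() {
    root=$1; shift
    for p in "$@"; do
        [ -f "$root$p" ] || continue
        printf '%s  %s\n' "$(sha256sum "$root$p" | cut -d' ' -f1)" "$p"
    done
}

# check_manifest MANIFEST ROOT
# Compares every file listed in MANIFEST with the copy under ROOT.
# Prints a CHANGED or MISSING line per discrepancy; returns 1 if any found.
check_manifest() {
    manifest=$1; root=$2; rc=0
    while read -r expected path; do
        [ -n "$path" ] || continue
        if [ ! -f "$root$path" ]; then
            printf 'MISSING  %s\n' "$path"; rc=1; continue
        fi
        actual=$(sha256sum "$root$path" | cut -d' ' -f1)
        if [ "$actual" != "$expected" ]; then
            printf 'CHANGED  %s\n' "$path"; rc=1
        fi
    done < "$manifest"
    return $rc
}

# Demo on constructed data (hypothetical trees, not a real system):
# a "clean" tree, a manifest taken from it, and a "suspect" tree where
# ls has been replaced and netstat has been removed.
demo() {
    work=$(mktemp -d)
    mkdir -p "$work/clean/bin" "$work/suspect/bin"
    printf 'original ls\n'      > "$work/clean/bin/ls"
    printf 'original ps\n'      > "$work/clean/bin/ps"
    printf 'original netstat\n' > "$work/clean/bin/netstat"
    make_manifest "$work/clean" /bin/ls /bin/ps /bin/netstat > "$work/manifest"
    printf 'trojaned ls\n' > "$work/suspect/bin/ls"   # attacker's replacement
    printf 'original ps\n' > "$work/suspect/bin/ps"   # untouched
    check_manifest "$work/manifest" "$work/suspect"   # prints CHANGED ls, MISSING netstat
    status=$?
    rm -rf "$work"
    return $status
}

# Run the demo only when invoked as: sh thisscript.sh demo
if [ "${1:-}" = "demo" ]; then demo; fi
```

In practice the manifest comes from a second box with the same packages, or from the distribution's package database (`rpm -V` or `debsums` do the same comparison), with the reservation that a package database on the compromised disk may itself have been edited. A clean result only says the listed files match; it says nothing about kernel modules, cron entries or added accounts, which is why the replies below recommend a reinstall rather than trusting a cleanup.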
Hopefully he's taken the machine offline and will not put it back online until it's fixed.
There's no surefire way of knowing that you've cleaned up the machine. The only way to ensure that you have a clean machine is to wipe out the partitions, format the drives and reinstall the OS.
With that you can find out exactly what it is you have and act accordingly; it's also useful to have for being proactive about security.
__________________
"The search for the MOT JUSTE is not a pedantic fad but a vital necessity. Words are our precision tools. Imprecision engenders ambiguity and hours are wasted in removing verbal misunderstandings before the argument of substance can begin."
Do the things you use not respect you, the user? Then it's defective by design, so make your voice heard.
This happened to me a month ago and this forum gave some good information, but if you are infected by the SucKIT rootkit I have a link that maybe you can try.