Find the answer to your Linux question:
Results 1 to 7 of 7
Linux is not very secure any more!...we had a major attack on one of our linux boxes (redhat) which involved a recompile of the kernel using a rootkit. None of ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Just Joined!
    Join Date
    Jul 2003
    Posts
    2

    LINUX has a RootKit problem!


    Linux is not very secure any more!...we had a major attack on one of our linux boxes (redhat) which involved a recompile of the kernel using a rootkit.

    None of the freeBSD machines were touched because there seem to be very few rootkits available.

    I'd say the major security issue with LINUX is going to be rootkits which really only work because the source is available.

    How may rootkits are there for LINUX at the moment?....what would be the best way to protect against such an attack?

  2. #2
    Linux Engineer kriss's Avatar
    Join Date
    Jun 2003
    Posts
    1,113
    Shure rootkit's are a pain in the a**, but there are a few tools to track them down. F.x. is "chkrootkit". It scans your whole system, and tells you if anything is wrong.
    Also, you have "tripwire" wich runs integrety check's on every file that should not be changed.

    Oh, and there is some root kits to windows aswell (read it at an maildng list)

  3. #3
    Linux Guru
    Join Date
    Apr 2003
    Location
    London, UK
    Posts
    3,284
    Download and install chkrootkit from http://www.chkrootkit.org/

    A RootKit does not facility in the initial penitration of your system. A rootkit is used after your machine has been attacked to provide an attacker with an easy "back door" to your system at a later date.

    There are plenty of things you can do to help prevent root kits. You may wish to look at security enhanced linux from the NSA: http://www.nsa.gov/selinux/index.html

    Also, you should make sure the attacker cannot get a shell on your mahine in the first place. This means turning off EVERYTHING which is not needed, putting a firewall in place, and ensuring those services you do make publicly available on your machine are locked down, and hardened where necessary.

    Jason

  4. #4
    Just Joined!
    Join Date
    Jul 2003
    Posts
    12
    why don't you try grsecurity patch ?
    you can make an ACL system that only lets the user's (i mean ANY user , even root ) to do a minimum of admin tasks , and that's it. You can hide everything you don't need to see .try it : www.grsecurity.net

  5. #5
    Linux Engineer Giro's Avatar
    Join Date
    Jul 2003
    Location
    England
    Posts
    1,219
    I agree with J its not Linux its normally the configuration of the machine which means its normally the admins fault. If you lock down a linux box and update it reguarly its a very secure OS!!

  6. #6
    flw
    flw is offline
    Linux Engineer
    Join Date
    Mar 2003
    Location
    U.S.A.
    Posts
    1,025
    Just like windex, if you leave the default config and unpatched with no additonal protection like a firewall, AV (yes even for linux) your going to get hit sooner or later. Only a matter of when.

    I've had a bot after one of my linux servers for over two years coming from different ip's but uses the same method/signiture so its clear its original source is the same for all ip's. It just keeps using the same tatic from different rooted servers. I just put the several precautions in place so it keeps banging away once attempt per day over and over. All this from just reading my log files daily. This seems to have become a lost concept which blows my mind. It's only one of several methods all net admin's should use in daily security checks. Some admin's seem to rely solely on IDS to do all the work for them. Artificial intelligence cannot replace human intelligent at this point.

    This applies to all variations of linux, windex or netware. I can only assume it applies to other true Unix variations, VMS and other old but still alive Network OS's.
    Dan

    \"Keep your friends close and your enemies even closer\" from The Art of War by Sun Tzu\"

  7. #7
    Just Joined!
    Join Date
    Dec 2006
    Posts
    10
    Rootkits are a bit of a wory on any system but since the majority of linux machines being activly targeted are servers I would worry more about stuff like PHP web file browsers.
    Generally linux usage is so low for desktops and so high for servers that apache is the primary target and if you infect a server with a web file browser you dont have to worry about bypassing firewalls or anything.
    If I was into such naughty things as hacking thats what I would do.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •