Author Topic: rkhunter - Rootkit Hunter  (Read 1746 times)
sabertooth
Veteran
**

mysql killer


« on: December 29, 2006, 09:40:52 AM »

Rootkit scanner is a scanning tool that guarantees you 99.9% ( :) ) that you are not "infected". This application scans for rootkits, backdoors and local exploits by running a number of tests:

- MD5 hash comparison
- looks for default files used by rootkits
- wrong permissions on binaries
- looks for suspicious strings in LKM and KLD modules
- looks for hidden files
- optionally scans inside text and binary files

Equivalent Windows application: format c:/ (just kidding). RootkitRevealer

HomePage:
http://www.rootkit.nl/projects/rootkit_hunter.html

Docs:
http://www.rootkit.nl/articles/rootkit_hunter_faq.html
http://www.rootkit.nl/articles/rootkit_scanning_techniques.html
http://www.rootkit.nl/articles/rootkit_hunter_changelog.html
http://freshmeat.net/projects/rkhunter

DownLoad:
http://downloads.rootkit.nl/rkhunter-1.2.8.tar.gz plus MD5 hash (rkhunter-1.2.8.tar.gz) = 41122193b5006b617e03c637a17ae982

License:
GPL

Platforms:
- AIX 4.1.5 / 4.3.3
- ALT Linux
- Aurora Linux
- CentOS 3.1 / 4.0
- Conectiva Linux 6.0
- Debian 3.x
- FreeBSD 4.3 / 4.4 / 4.7 / 4.8 / 4.9 / 4.10
- FreeBSD 5.0 / 5.1 / 5.2 / 5.2.1 / 5.3
- Fedora Core 1 / Core 2 / Core 3
- Gentoo 1.4, 2004.0, 2004.1
- Macintosh OS 10.3.4-10.3.8
- Mandrake 8.1 / 8.2 / 9.0-9.2 / 10.0 / 10.1
- OpenBSD 3.4 / 3.5
- Red Hat Linux 7.0-7.3 / 8 / 9
- Red Hat Enterprise Linux 2.1 / 3.0
- Slackware 9.0 / 9.1 / 10.0 / 10.1
- SME 6.0
- Solaris (SunOS)
- SuSE 7.3 / 8.0-8.2 / 9.0-9.2
- Ubuntu
- Yellow Dog Linux 3.0 / 3.01
- DaNix (Debian clone)
- PCLinuxOS
- VectorLinux SOHO 3.2 / 4.0
- CPUBuilders Linux
- Virtuozzo (VPS)
- does not work on NetBSD

Detection for rootkits/backdoors/LKMs/worms:
55808 Trojan - Variant A
ADM W0rm
AjaKit
aPa Kit
Apache Worm
Ambient (ark) Rootkit
Balaur Rootkit
BeastKit
beX2
BOBKit
CiNIK Worm (Slapper.B variant)
Danny-Boy's Abuse Kit
Devil RootKit
Dica
Dreams Rootkit
Duarawkz Rootkit
Flea Linux Rootkit
FreeBSD Rootkit
fsck`it Rootkit
GasKit
Heroin LKM
HjC Rootkit
ignoKit
ImperalsS-FBRK
Irix Rootkit
Kitko
Knark
Li0n Worm
Lockit / LJK2
mod_rootme (Apache backdoor)
MRK
Ni0 Rootkit
NSDAP (RootKit for SunOS)
Optic Kit (Tux)
Oz Rootkit
Portacelo
R3dstorm Toolkit
RH-Sharpe's rootkit
RSHA's rootkit
Scalper Worm
Shutdown
SHV4 Rootkit
SHV5 Rootkit
Sin Rootkit
Slapper
Sneakin Rootkit
Suckit
SunOS Rootkit
Superkit
TBD (Telnet BackDoor)
TeLeKiT
T0rn Rootkit
Trojanit Kit
URK (Universal RootKit)
VcKit
Volc Rootkit
X-Org SunOS Rootkit
zaRwT.KiT Rootkit

and a few known or unknown sniffers and backdoors:
Anti Anti-sniffer
LuCe LKM
THC Backdoor

At the beginning of 2006 Michael Boelen (developer and initiator of the project) found that the maintenance and development work on this project exceeds the working capacity of 8 people, so he put it on SourceForge in order to attract more developers to the project.

Latest stable version: 1.2.8
« Last Edit: December 29, 2006, 11:53:28 AM by sabertooth »

Stercus accidit
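
Three of the tests listed in the post above (hash comparison, wrong permissions on binaries, hidden files), sketched as an added Python example; it is not rkhunter's code and not part of the original posts. The function names, the finding labels and the temporary directory standing in for a binary directory are assumptions made for illustration.

```python
import hashlib
import stat
import tempfile
from pathlib import Path

def file_hash(path, algo="md5"):
    """Hash a file in chunks (MD5 by default, the hash the post names)."""
    digest = hashlib.new(algo)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def make_baseline(directory, algo="md5"):
    """Record the hash of every regular file while the system is known clean."""
    return {p.name: file_hash(p, algo) for p in Path(directory).iterdir() if p.is_file()}

def scan(directory, baseline, algo="md5"):
    """Return sorted (name, finding) pairs for deviations from the baseline."""
    findings = []
    for path in Path(directory).iterdir():
        mode = path.lstat().st_mode
        if not stat.S_ISREG(mode):
            continue
        if path.name not in baseline:
            findings.append((path.name, "hidden-file" if path.name.startswith(".") else "new-file"))
        elif file_hash(path, algo) != baseline[path.name]:
            findings.append((path.name, "hash-mismatch"))
        if mode & (stat.S_IWGRP | stat.S_IWOTH):  # writable by non-owners
            findings.append((path.name, "writable-by-others"))
    findings += [(n, "missing") for n in baseline if not (Path(directory) / n).exists()]
    return sorted(findings)

def write(path, data, mode):
    path.write_bytes(data)
    path.chmod(mode)

def demo():
    with tempfile.TemporaryDirectory() as tmp:  # constructed stand-in for /bin
        d = Path(tmp)
        write(d / "ls", b"clean ls", 0o755)
        write(d / "ps", b"clean ps", 0o755)
        baseline = make_baseline(d)
        write(d / "ps", b"altered ps", 0o755)  # content replaced after baseline
        (d / "ls").chmod(0o777)                # permissions loosened
        write(d / ".x", b"", 0o644)            # dotfile added
        return scan(d, baseline)

if __name__ == "__main__":
    print("\n".join(f"{name}: {finding}" for name, finding in demo()))
```

The baseline is only as trustworthy as the moment and the place it was taken, so it belongs on read-only or off-host storage.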
mudrii
Veteran
**

« Reply #1 on: January 04, 2007, 10:11:00 PM »

ADDON

Once installed, you can run rkhunter with the command
# rkhunter -c

If you want to limit the scan to only the files that can be infected, run the command using --scan-knownbad-files
# rkhunter -c --scan-knownbad-files

rkhunter is updated over time, and you can choose to update the database that contains information about recently appeared rootkits.
# rkhunter --update
