Questions tagged [rootkit]

44 questions
2 votes, 1 answer

Check all Debian binaries against the checksum of the original

I would like to check all binaries on my server against dpkg -e (for example rkhunter could do this check against the originals when doing probupdate). How could I check all packages with one script?
rubo77
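One way to do the whole-system check asked about above, as an added example that is not part of the original question and is not rkhunter's, debsums' or dpkg's own code: a POSIX sh function that walks the `.md5sums` lists dpkg writes at install time (`/var/lib/dpkg/info/<pkg>.md5sums`, one line per file in the form `<md5>  <path relative to />`) and recomputes each listed file's MD5 against the live tree. The function names (`verify_pkg_md5sums`, `make_fixture`, `demo`) are mine, and the fixture is constructed purely so the script runs offline; on a real Debian or Ubuntu host you would call `verify_pkg_md5sums /var/lib/dpkg/info /` as root (or simply run `dpkg --verify` or `debsums`, which do the same job).

```shell
#!/bin/sh
# Added example (not from the question): compare installed files with the
# md5sums dpkg recorded for their packages.
#
# Caveats a practitioner should keep in mind:
#  - the .md5sums lists omit conffiles, so /etc is largely uncovered;
#  - MD5 is a change detector here, not a forgery-resistant hash;
#  - an intruder with root can rewrite the .md5sums files too, so for a
#    suspected compromise take the sums from freshly downloaded packages
#    (apt-get download <pkg>; dpkg-deb -x) or run from rescue media.

# verify_pkg_md5sums INFO_DIR ROOT
# Prints "MISSING <pkg> <path>" or "CHANGED <pkg> <path>" for each problem
# and returns 1 if anything was reported, 0 if every listed file matches.
verify_pkg_md5sums() {
  info_dir=$1; root=$2; bad=0
  for list in "$info_dir"/*.md5sums; do
    [ -e "$list" ] || continue            # no lists at all: glob stayed literal
    pkg=$(basename "$list" .md5sums)
    while read -r sum rel; do             # "<md5>  <relative path>"
      [ -n "$rel" ] || continue
      f="$root/$rel"
      if [ ! -f "$f" ]; then
        echo "MISSING $pkg $rel"; bad=1; continue
      fi
      cur=$(md5sum "$f" | cut -d' ' -f1)
      if [ "$cur" != "$sum" ]; then
        echo "CHANGED $pkg $rel"; bad=1
      fi
    done < "$list"
  done
  return $bad
}

# make_fixture DIR
# Constructed stand-in for a dpkg database: a fake root owning one file
# (usr/bin/hello) and a matching demo.md5sums list. Not a real package.
make_fixture() {
  d=$1
  mkdir -p "$d/root/usr/bin" "$d/info"
  printf '#!/bin/sh\necho hello\n' > "$d/root/usr/bin/hello"
  sum=$(md5sum "$d/root/usr/bin/hello" | cut -d' ' -f1)
  printf '%s  usr/bin/hello\n' "$sum" > "$d/info/demo.md5sums"
}

# demo: show the output shape on the constructed fixture, then simulate a
# trojaned binary by appending to it.
demo() {
  t=$(mktemp -d)
  make_fixture "$t"
  verify_pkg_md5sums "$t/info" "$t/root" && echo "fixture clean"
  echo 'echo pwned' >> "$t/root/usr/bin/hello"
  verify_pkg_md5sums "$t/info" "$t/root" || echo "exit status $? (changes found)"
  rm -rf "$t"
}
demo
```

The function is deliberately dumb: it does not know which changes are legitimate (a locally rebuilt binary, prelink, a distribution update applied after the list was read), so treat its output as a worklist to confirm with `dpkg -S <path>` and the package's current `.deb`, not as a verdict.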
2 votes, 1 answer

Suspicious file types found in /dev: ASCII text

rkhunter complains about this: Warning: Suspicious file types found in /dev: /dev/.udev/queue.bin: data /dev/.udev/data/c13:66: ASCII text /dev/.udev/data/c13:64: ASCII text /dev/.udev/data/c13:65: ASCII text …
rubo77
2 votes, 1 answer

RKHunter reports change in file properties, but different hash length

RKHunter reports a change in file properties, but the strange thing is that the hash length is different in the current hash and in the stored hash. [11:47:13] Warning: The file properties have changed: [11:47:13] File:…
Zhen
2 votes, 1 answer

Remove shared library from sshd

mv /lib64/libkeyutils.so.1.9 /root service sshd restart Stopping sshd: [ OK ] Starting sshd: /usr/sbin/sshd: error while loading shared libraries: libkeyutils.so.1: cannot open shared object file: No…
Tiffany Walker
2 votes, 2 answers

How to keep track of the server configuration: keep entire "/etc" in git

I want to keep my whole /etc folder in a git repository to track unauthorised changes by intruders and find mistakes I may have made myself. What would be the right way to achieve this?
rubo77
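The approach asked about above, as an added example that is not from the question and is not etckeeper (which packages the same idea together with apt/dpkg hooks): a few sh functions that put a directory under git, record a baseline, and report every path whose content changed since the last commit. The function names (`record_perms`, `track_dir_init`, `track_dir_changes`, `track_dir_commit`) are mine, and the example assumes GNU `find`, `sort` and `stat` (Linux). Two caveats drive the design: git records only the executable bit, not owner, group or the rest of the mode, so a `.perms` snapshot is committed alongside the content; and an intruder who already has root can rewrite the repository's history, so the repository is only evidence if it is also pushed or copied off the host.

```shell
#!/bin/sh
# Added example (not from the question, not etckeeper): track a configuration
# directory such as /etc in git and report what changed since the last commit.
# Assumes GNU find/sort/stat.

# record_perms DIR
# git keeps only the executable bit, so write "mode owner:group path" for every
# path (except the repository itself) into DIR/.perms; committing that file
# makes chmod/chown changes visible in git status too.
record_perms() {
  dir=$1
  (cd "$dir" && find . -path ./.git -prune -o -print0 \
      | sort -z | xargs -0 stat -c '%a %U:%G %n') > "$dir/.perms"
}

# track_dir_init DIR: initialise the repository and commit the baseline.
track_dir_init() {
  dir=$1
  git -C "$dir" init -q
  git -C "$dir" config user.name "config-tracker"
  git -C "$dir" config user.email "config-tracker@localhost"
  chmod 700 "$dir/.git"        # history of /etc may contain secrets (shadow, keys)
  record_perms "$dir"
  git -C "$dir" add -A
  git -C "$dir" commit -q -m "baseline"
}

# track_dir_changes DIR
# Refresh .perms, then print one porcelain status line per added, modified or
# deleted path (" M sshd_config", "?? new.conf", " D old.conf"); empty output
# means nothing changed. Suitable for a cron job that mails its output.
track_dir_changes() {
  dir=$1
  record_perms "$dir"
  git -C "$dir" status --porcelain
}

# track_dir_commit DIR MSG: record a change you made on purpose.
track_dir_commit() {
  dir=$1; msg=$2
  record_perms "$dir"
  git -C "$dir" add -A
  git -C "$dir" commit -q -m "$msg"
}

# demo: constructed fixture (a single fake sshd_config), not a real /etc.
demo() {
  t=$(mktemp -d)
  printf 'PermitRootLogin no\n' > "$t/sshd_config"
  track_dir_init "$t"
  printf 'PermitRootLogin yes\n' > "$t/sshd_config"   # simulate a tampered file
  chmod 600 "$t/sshd_config"                          # and a permission change
  track_dir_changes "$t"                              # shows .perms and sshd_config
  rm -rf "$t"
}
command -v git >/dev/null 2>&1 && demo
```

On a real host run `track_dir_init /etc` once, then `track_dir_changes /etc` from cron and `track_dir_commit /etc "why"` after intentional edits; add a remote and push after each commit so the history survives the host being cleaned or tampered with.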
2 votes, 4 answers

My computer is sending ICMP packets to arbitrary destinations

My computer is sending ICMP packets to arbitrary destinations. I can't understand the reason. A dump of one of the packets is: Internet Control Message Protocol Type: 3 (Destination unreachable) Code: 3 (Port unreachable) Checksum: 0x811b…
user58859
1 vote, 3 answers

Recognize a rootkit-taken server

First, I'm not looking for software for detection of rootkits planted into a server, as this may or may not work, especially on a live system. I'm curious to find out what the signs of a rootkit takeover of a server would be. At least what damage and…
Miloš Đakonović
1 vote, 1 answer

Are rkhunter and chkrootkit still effective Linux rootkit scanners?

AFAICT neither has had much activity since the first half of 2014. Are there any other open source Linux rootkit scanners out there, or reasonable commercial alternatives?
steveinatorx
1 vote, 1 answer

How to prevent wunderbar_emporium rootkit

I just learned about the wunderbar_emporium rootkit, and it sounds pretty nasty. I tested it on a few Linux servers I have access to, and while it failed on two of them, it was successful on one with kernel 2.6.9-78.0.13.ELsmp. What's the best way…
Josh
1 vote, 1 answer

Find a script which writes in /var/tmp

I discovered that one of my partitions was full. rootfs 20G 1,8G 17G 10% / /dev/root 20G 1,8G 17G 10% / devtmpfs 7,8G 184K 7,8G 1% /dev none 7,8G 0 7,8G 0% /dev/shm none …
Raphaël
1 vote, 1 answer

Rkhunter triggered last night warning for a possible infection. What next?

Last night rkhunter triggered with the following warnings: [04:10:23] Warning: Network TCP port 32982 is being used by /usr/lib/apache2/mpm-prefork/apache2. Possible rootkit: Solaris Wanuk Use the 'lsof -i' or 'netstat -an' command to…
Luuk D. Jansen
1 vote, 2 answers

Squid showed up on port 8080. Possible rootkit?

I recently attempted to connect to my EC2 server on 8080 and had some strange issues that weren't occurring earlier. Nginx (though set up for :81) captures any requests on port 8080. If I stop nginx, I get a "Connection Refused" message from a…
GuyNoir
1 vote, 2 answers

Running a high CPU-consuming process, but top/htop show all processes at 0% CPU?

All, I have these weird servers that I cannot explain, as follows: htop 1 [||||||||||||||| 28.5%] Tasks: 53 total, 1 running 2 [|||||||||||||||| 31.1%] Load average: 0.00 0.00 0.00 3 …
kiiwii
1 vote, 1 answer

What is "ndptsp.tsp"?

Sophos Anti-Rootkit tells me that on one of our web servers, there is an "unknown hidden file" ndptsp.tsp: Area: Local hard drives Description: Unknown hidden file Location: C:\Windows\System32\ndptsp.tsp Removable: Yes (but clean up…
Uwe Keim
1 vote, 1 answer

How to view all logs in an OSSEC system on Ubuntu

I have installed OSSEC. It is working and sometimes sends me alert emails as well. But I want to know what I can type so that I can view all the logs of what OSSEC has found on my system.
John