http://www.lumacaonline.org/kiwi/index.php?action=history&feed=atom&title=Antivirus_%2F_RootKitAntivirus / RootKit - Cronologia2026-05-11T20:26:48ZCronologia della pagina su questo sitoMediaWiki 1.39.1http://www.lumacaonline.org/kiwi/index.php?title=Antivirus_/_RootKit&diff=10&oldid=prevAward: Creata pagina con "'''Zeppoo Software''' Zeppoo - Zeppoo allows you to detect rootkits on i386 and x86_64 architecture under Linux, by using /dev/kmem and /dev/mem. Moreover it can also detec..."2017-08-16T22:20:49Z<p>Creata pagina con "'''Zeppoo Software''' Zeppoo - Zeppoo allows you to detect rootkits on i386 and x86_64 architecture under Linux, by using /dev/kmem and /dev/mem. Moreover it can also detec..."</p>
<p><b>Nuova pagina</b></p><div>'''Zeppoo Software'''<br />
<br />
Zeppoo - Zeppoo allows you to detect rootkits on i386 and x86_64 architecture under Linux,<br />
<br />
by using /dev/kmem and /dev/mem.<br />
<br />
Moreover it can also detect hidden tasks, connections, corrupted symbols, system calls and so many other things.<br />
Download source code [http://sourceforge.net/projects/zeppoo]<br />
<br />
'''Chkrootkit Software'''<br />
<br />
Chkrootkit - chkrootkit is a tool to locally check for signs of a rootkit. Type the following command to install chkrootkit<br />
<br />
$ sudo apt-get install chkrootkit<br />
<br />
Start looking for rootkits, enter:<br />
<br />
$ sudo chkrootkit<br />
<br />
Look for suspicious strings, enter:<br />
<br />
$ sudo chkrootkit -x | less<br />
<br />
You need to specify the path for the external commands used by chkrootkit such as awk, grep and others.<br />
<br />
Mount /mnt/safe using nfs in read-only mode and set /mnt/safe binaries PATH as trusted one, enter:<br />
<br />
$ sudo chkrootkit -p /mnt/safe<br />
<br />
'''rkhunter software'''<br />
<br />
rkhunter - rkhunter (Rootkit Hunter) is a Unix-based tool that scans for rootkits, backdoors and possible local exploits.<br />
<br />
rkhunter is a shell script which carries out various checks on the local system to try and detect known rootkits and malware.<br />
<br />
It also performs checks to see if commands have been modified, if the system startup files have been modified, <br />
<br />
and various checks on the network interfaces, including checks for listening applications. <br />
<br />
Type the following command to install rkhunter:<br />
<br />
$ sudo apt-get install rkhunter<br />
<br />
The following command option tells rkhunter to perform various checks on the local system:<br />
<br />
$ sudo rkhunter --check<br />
<br />
The following command option causes rkhunter to check if there is a later version of any of its text data files:<br />
<br />
$ sudo rkhunter --update<br />
<br />
The following option tells rkhunter which directories to look in to find the various commands it requires:<br />
$ sudo rkhunter --check --bindir /mnt/safe<br />
<br />
'''Recommended readings:'''<br />
man pages - rkhunter and chkrootkit<br />
[http://rkhunter.sourceforge.net/] Rkhunter Project home page<br />
[http://www.chkrootkit.org/] chkrootkit Project home page</div>Award