Archive for January, 2010

Can chkrootkit detect modified (or new) rootkit versions?

If chkrootkit can’t find a known signature inside a file, it can’t automatically determine if it has been trojaned. Try to run chkrootkit in expert mode (-x option) — in this mode the user can examine suspicious strings in the binary programs that may indicate a trojan.

For example, lots of data can be seen with:

# ./chkrootkit -x | more

Pathnames inside system commands:

# ./chkrootkit -x | egrep '^/'
SBDavid

Promiscuous mode

If a network device is in promiscuous mode, the kernel will receive all network traffic (i.e., the CPU load will increase). The latency of network responses will then also increase, which can be detected.
Promiscuous mode is a configuration of a network card that makes the card pass all traffic it receives to the central processing unit rather than just the frames addressed to it, a feature normally used for packet sniffing.

Each frame includes the hardware (Media Access Control) address. When a network card receives a frame, it normally drops it unless the frame is addressed to that card. In promiscuous mode, however, the card allows all frames through, thus allowing the computer to read frames intended for other machines or network devices.

Many operating systems require superuser privileges to enable promiscuous mode. The ifconfig command can be used to enable this mode; from its man page:

    [-]promisc
        Enable or disable the promiscuous mode of the interface. If
        selected, all packets on the network will be received by the
        interface.
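As an added check that is not part of the original post: a POSIX shell script that lists Linux interfaces whose promiscuous bit is currently set, by reading the kernel's interface flags from /sys/class/net/<iface>/flags (IFF_PROMISC is bit 0x100) rather than parsing ifconfig output. The optional directory argument is an assumption added so the function can be pointed at a constructed directory.

```shell
#!/bin/sh
# Added example (not from the original post): report Linux interfaces that
# currently have the promiscuous bit set, using the kernel's own interface
# flags exposed in sysfs.
# /sys/class/net/<iface>/flags holds a hex value such as 0x1003 for a normal
# up interface and 0x1103 when the promiscuous bit (IFF_PROMISC = 0x100) is set.

PROMISC_BIT=256   # 0x100

# is_promisc FLAGS -> prints 1 if the promiscuous bit is set, else 0.
# FLAGS is the raw hex string as read from sysfs, e.g. "0x1103".
is_promisc() {
    flags=$(( $1 ))                        # shell arithmetic accepts 0x... hex
    if [ $(( flags & PROMISC_BIT )) -ne 0 ]; then
        echo 1
    else
        echo 0
    fi
}

# list_promisc_ifaces [SYSFS_NET_DIR]
# Prints one interface name per line for every interface in promiscuous mode.
# The directory defaults to /sys/class/net; the argument exists only so the
# function can be run against a constructed directory (assumption, not a
# kernel feature).
list_promisc_ifaces() {
    dir=${1:-/sys/class/net}
    for f in "$dir"/*/flags; do
        [ -r "$f" ] || continue            # unmatched glob or unreadable entry
        iface=$(basename "$(dirname "$f")")
        if [ "$(is_promisc "$(cat "$f")")" = 1 ]; then
            echo "$iface"
        fi
    done
}

# Usage on a live host (prints nothing when no interface is promiscuous):
#   list_promisc_ifaces
```

A non-empty result from a monitoring cron job is a useful trigger for the same kind of mail alert used later on this page.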

Step 1: Add your admin user to the 'wheel' group so that you will be able to 'su -' to root; otherwise you may lock yourself out of root.

Adding the user to the wheel group (as a supplementary group, so the user's primary group is left unchanged):

usermod -aG wheel username

Edit /etc/ssh/sshd_config file.

vi /etc/ssh/sshd_config

Next, find the line PermitRootLogin yes, uncomment it if necessary, and change it to PermitRootLogin no.

Now restart SSH

/etc/rc.d/init.d/sshd restart
SBDavid

Email Alert on Root SSH Login

Login to your server as root user

vi /root/.bashrc

Add the following to the end of the file (it runs whenever root opens an interactive shell):

echo "ALERT - Root Shell Access on $HOSTNAME:" "$(date)" "$(who)" |
mail -s "Alert: Root Access from $(who | cut -d'(' -f2 | cut -d')' -f1)" admin@serverbuddies.com

Settings for ifcfg-eth0

The /etc/sysconfig/network-scripts/ifcfg-eth0 file should have the following.

--- /etc/sysconfig/network-scripts/ifcfg-eth0 begin file ---
DEVICE=eth0
ONBOOT=yes
BOOTPROTO=static
IPADDR=IP_address_host_server
NETMASK=netmask_value   # please check with your service provider
GATEWAY=ip_address_gateway
--- /etc/sysconfig/network-scripts/ifcfg-eth0 end file ---

Before you use Parallels Pro Control Panel to perform provisioning or management operations, you must provide the license key information, if you have not provided the information at the time of installation. You receive the license key in the order confirmation email when you buy Parallels Pro Control Panel.
