Rkhunter (Rootkit Hunter) is an open source Unix/Linux based scanner tool for Linux systems released under GPL that scans backdoors, rootkits and local exploits on your systems. It scans hidden files, wrong permissions set on binaries, suspicious strings in kernel etc. To know more about Rkhunter and its features visit http://www.rootkit.nl/.
Installation
cd /usr/local/src
wget https://dl.dropbox.com/s/i5sd0ljp6pejhn6/rkhunter-1.4.0.tar.gz
wget http://downloads.sourceforge.net/project/rkhunter/rkhunter/1.4.0/rkhunter-1.4.0.tar.gz
tar -xzvf rkhunter-1.4.0.tar.gz
cd rkhunter-1.4.0
./installer.sh --install
rkhunter --check
echo "Rkhunter successfully installed!"
log : /var/log/rkhunter.log
To update it
=========
rkhunter --update
rkhunter --propupd
=========
set crontab to scan and email the report
#!/bin/sh
(
/usr/local/bin/rkhunter --versioncheck
/usr/local/bin/rkhunter --update
/usr/local/bin/rkhunter --cronjob --report-warnings-only
) | /bin/mail -s 'rkhunter Daily Run (PutYourServerNameHere)' your@email.com
Saturday, February 9, 2013
CHKRootKit –Detects hacker software and notifies via email
Please keep in mind that, you can use chkrootkit to find the files and processes associated with a rootkit, but you can’t be 100% sure that all pieces of rootkits are found and removed. You can safeguard your system from rootkits by ensuring that all applications and softwares are up-to-date and the system kept patched against all known vulnerabilities.
cd /usr/local/src
wget https://dl.dropbox.com/s/4rmbi1dmifn4si2/chkrootkit.tar.gz
wget ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz
tar -xvzf chkrootkit.tar.gz
cd chkrootkit-*/
make sense
./chkrootkit
cd ..
echo "CHRootKit has been installed!"
Enable Automatic Server Scanning
You can add a cron entry for running chkrootkit automatically and send a scan report to your mail address. Create and add the following entries to “/etc/cron.daily/chkrootkit.sh”
#!/bin/sh
(
/usr/local/chkrootkit/chkrootkit
) | /bin/mail -s ‘CHROOTKIT Daily Run (ServerName)’ your@email.com
cd /usr/local/src
wget https://dl.dropbox.com/s/4rmbi1dmifn4si2/chkrootkit.tar.gz
wget ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz
tar -xvzf chkrootkit.tar.gz
cd chkrootkit-*/
make sense
./chkrootkit
cd ..
echo "CHRootKit has been installed!"
Enable Automatic Server Scanning
You can add a cron entry for running chkrootkit automatically and send a scan report to your mail address. Create and add the following entries to “/etc/cron.daily/chkrootkit.sh”
#!/bin/sh
(
/usr/local/chkrootkit/chkrootkit
) | /bin/mail -s ‘CHROOTKIT Daily Run (ServerName)’ your@email.com
Tuesday, February 5, 2013
Creating custom php.ini for needed users
If you have a site on your cPanel VPS that needs a custom php.ini file, you can set that up by following these steps:
1,Copy /usr/local/lib/php.ini to the site's Web root folder (public_html).
>cp /usr/local/lib/php.ini /home/USERNAME/public_html
2,Make sure the file is owned by their cPanel user
>chown USERNAME:USERNAME php.ini
3,Add the following to the site's ".htaccess" file
SetEnv PHPRC /home/USERNAME/public_html/php.ini
or
suPHP_conf /home/user/someplace/php.ini
Custom Values should be added in .htaccess in a format as shown in example below
php_value memory_limit 128M
php_value max_execution_time 3600
php_value post_max_size 5M
php_value upload_max_filesize 5M
1,Copy /usr/local/lib/php.ini to the site's Web root folder (public_html).
>cp /usr/local/lib/php.ini /home/USERNAME/public_html
2,Make sure the file is owned by their cPanel user
>chown USERNAME:USERNAME php.ini
3,Add the following to the site's ".htaccess" file
SetEnv PHPRC /home/USERNAME/public_html/php.ini
or
suPHP_conf /home/user/someplace/php.ini
Custom Values should be added in .htaccess in a format as shown in example below
php_value memory_limit 128M
php_value max_execution_time 3600
php_value post_max_size 5M
php_value upload_max_filesize 5M
Subscribe to:
Posts (Atom)