Feeling paranoid?

We all know there aren’t any Linux viruses out in the wild (unlike most other OSes like XP, Vista or OS X) and script kiddies don’t have much success due to sudo in Ubuntu.

So most people will be safe. However …

Linux can be affected by rootkits.

A rootkit is a program (or combination of several programs) designed to take fundamental control (in Unix terms “root” access, in Windows “Administrator” access) of a computer system, without authorization by the system’s owners and legitimate managers. Access to the hardware (i.e., the reset switch) is rarely required as a rootkit is intended to seize control of the operating system running on the hardware. Typically, rootkits act to obscure their presence on the system through subversion or evasion of standard operating system security mechanisms.

Harmful rootkits are pretty rare and I have never heard of people getting one.

But if you are feeling paranoid, you can install rkhunter.

sudo apt-get install rkhunter

To run the program use this command.

sudo rkhunter -c

I’ve gotten two non-rootkit related warnings.

One for allowing ssh root access and one because there are hidden files on my box.

Nothing I didn’t know.

You can get more info about the program and its options by just typing “rkhunter” in a terminal.

This small article on how a hacker would put a rootkit on your system is worth a read.
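One of the two warnings mentioned above concerns SSH root access. As an added example (not part of the original post and not rkhunter's own code), this shell snippet reports what an sshd_config-style file sets for PermitRootLogin. It assumes only the global section matters (it stops at the first Match block) and does not follow Include directives; the function names and the sample file are hypothetical.

```shell
#!/bin/sh
# effective_root_login FILE
# Prints the value of the first global PermitRootLogin directive, or "unset".
# sshd uses the first value it obtains for a keyword, so later lines are ignored.
effective_root_login() {
    awk '
        /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            if (!match(line, /^[^ \t=]+/)) next
            key  = tolower(substr(line, 1, RLENGTH))   # keywords are case-insensitive
            rest = substr(line, RLENGTH + 1)
            sub(/^[ \t]*=?[ \t]*/, "", rest)    # separator is whitespace or "="
            split(rest, v, /[ \t]+/)
            if (key == "match") exit            # conditional blocks are out of scope
            if (key == "permitrootlogin" && v[1] != "") {
                print v[1]; found = 1; exit
            }
        }
        END { if (!found) print "unset" }
    ' "$1"
}

# root_login_verdict FILE
# Turns the effective value into a one-line finding.
root_login_verdict() {
    value=$(effective_root_login "$1")
    case "$value" in
        no)    echo "ok: root login disabled" ;;
        yes)   echo "warn: root may log in with a password" ;;
        unset) echo "check: no directive, sshd default applies" ;;
        *)     echo "check: restricted root login ($value)" ;;
    esac
}

# Constructed sample input (not taken from a real host).
sample=$(mktemp)
printf '%s\n' '# constructed sshd_config' 'Port 22' 'PermitRootLogin yes' \
    'Match User backup' '    PermitRootLogin no' > "$sample"
root_login_verdict "$sample"
rm -f "$sample"
```

On a real machine, point `root_login_verdict` at `/etc/ssh/sshd_config`.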

    • vinicius
    • July 23rd, 2008

    More paranoia? You can also search for rootkits by running chkrootkit
