[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [cobalt-security] How to install chkrootkit
- Subject: RE: [cobalt-security] How to install chkrootkit
- From: "Steven Young" <steven.young@xxxxxxxxxxxxxxx>
- Date: Fri, 29 Nov 2002 17:40:53 -0000
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
> I think I have acquired a copy of chkrootkit. But I am
> unaware of the best way to install this software on a Sun
> Cobalt Qube 3 Professional. It was downloaded from
> http://www.chkrootkit.com/#related_links but does not appear
> to be the typical pkg that I can run the install manually on.
> Any help would be appreciated, I am somewhat of a Linux
> newbie. And seriously interested in the enhanced security
> monitoring capabilities that chkrootkit can offer.
>
> Stefan Wynn Jones
chkrootkit is nice and easy to install and setup from source. I did the
following on a RaQ3 but I'm sure you can follow the following on a Qube
too.
SSH to your Qube and SU - to root
To install:-
------------
mkdir /usr/local/src (if it doesn't already exist)
cd /usr/local/src
wget ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz (grabs
latest version of source 0.37)
tar -xzf chkrootkit.tar.gz
cd chkrootkit-0.37
make sense
cd ..
mv chkrootkit-0.37 /usr/local/
chown -R root:root /usr/local/chkrootkit-0.37
To run:-
--------
cd /usr/local/chkrootkit-0.37
./chkrootkit
To run automatically each day:-
-------------------------------
Edit /etc/crontab with the text editor of your choice (emacs / pico / vi
/ etc..) and add following to it:-
# Run chkrootkit-0.37 daily at 6.30am and email output to root.
30 6 * * * root (cd /usr/local/chkrootkit-0.37; ./chkrootkit 2>&1 | mail
-s "chkrootkit output" root)
Now restart the cron daemon:-
/etc/rc.d/init.d/crond restart
and you should now recieve an email to root each day at 6.30 am.
Hope this helps,
Steven Young