Bruno (author), posted February 19, 2005:

Hi Shamgar

Next thing you do is make a link to the executable:

    # cd /home/shamgar
    # ln -s /usr/local/bin/rkhunter/rkhunter /usr/bin/rkhunter

Now the link /usr/bin/rkhunter is in your path you can run the program:

    # rkhunter -c --createlogfile

Bruno

Shamgar, posted February 19, 2005:

Thanks! I lost my terminal info after creating the link. Where am I supposed to be to add the command: (Where in under su?) # rkhunter -c --createlogfile?

Bruno (author), posted February 19, 2005:

Yep you open a terminal . . . do "su" and give the command . . . that is all . . and you will get a report of the output on your screen . . :D B)

Bruno

Shamgar, posted February 19, 2005:

Thanks for the reply! This is what I received as a present from my terminal window:

    Shamgar@linux:~> su
    Password:
    linux:/home/Shamgar # rkhunter -c --createlogfile
    bash: rkhunter: command not found
    linux:/home/Shamgar #

Where am I going wrong?

Bruno (author), posted February 19, 2005:

You might want to do this command again Shamgar: ( the link apparently did not "take" )

    ln -s /usr/local/bin/rkhunter/rkhunter /usr/bin/rkhunter

And then try again :">

Bruno

Shamgar, posted February 19, 2005:

First retry:

    Shamgar@linux:~> su
    Password:
    linux:/home/Shamgar # ln -s /usr/local/bin/rkhunter/rkhunter /usr/bin/rkhunter
    linux:/home/Shamgar # rkhunter -c --createlogfile
    bash: rkhunter: command not found
    linux:/home/Shamgar #

Second retry:

    Shamgar@linux:~> su
    Password:
    linux:/home/Shamgar # ln -s /usr/local/bin/rkhunter/rkhunter /usr/bin/rkhunter
    ln: `/usr/bin/rkhunter': File exists
    linux:/home/Shamgar # rkhunter -c --createlogfile
    bash: rkhunter: command not found
    linux:/home/Shamgar #

Bruno (author), posted February 19, 2005:

??? strange

let me see:

    ls -al /usr/bin/rkhunter

I want to check if it is executable

Bruno

Shamgar, posted February 19, 2005:

    Shamgar@linux:~> su
    Password:
    linux:/home/Shamgar # ls -al /usr/bin/rkhunter
    lrwxrwxrwx 1 root root 32 2005-02-19 14:32 /usr/bin/rkhunter -> /usr/local/bin/rkhunter/rkhunter
    linux:/home/Shamgar #

For some reason my smiley from Smiley Xtra throwing the computer doesn't show up.

Shamgar, posted February 19, 2005 (edited):

Good computer, good boy! Shamgar has a present for you . . . a 3 pound sledge hammer.

Bruno (author), posted February 19, 2005:

LOL !!!

Okay now try this:

    /usr/bin/rkhunter -c --createlogfile

That will work . . . it seems that /usr/bin is not "in the path" of root, but only in that of the user in SUSE . . . so you have to give the full path . . .

Bruno

Shamgar, posted February 19, 2005:

Is this what you wanted coded?

    Shamgar@linux:~> su
    Password:
    linux:/home/Shamgar # cd /usr/bin
    linux:/usr/bin # rkhunter -c --createlogfile
    bash: rkhunter: command not found
    linux:/usr/bin #

Bruno (author), posted February 19, 2005:

Nope . . do not CD first . . . . . . just:

    /usr/bin/rkhunter -c --createlogfile

B)

Bruno

Shamgar, posted February 19, 2005:

Actually, I tried that first before I sent the last one.

    Shamgar@linux:~> su
    Password:
    linux:/home/Shamgar # /usr/bin/rkhunter -c --createlogfile
    bash: /usr/bin/rkhunter: Not a directory
    linux:/home/Shamgar #

Let's see how would I describe my feeling for computers . . . .

Bruno (author), posted February 19, 2005:

This is getting stranger by the minute . . . let me see

    ls -al /usr/local/bin/rkhunter/rkhunter

Bruno

Shamgar, posted February 19, 2005:

Okay, here it is:

    Shamgar@linux:~> su
    Password:
    linux:/home/Shamgar # /usr/bin/rkhunter -c --createlogfile
    bash: /usr/bin/rkhunter: Not a directory
    linux:/home/Shamgar # ls -al /usr/local/bin/rkhunter/rkhunter
    /bin/ls: /usr/local/bin/rkhunter/rkhunter: Not a directory
    linux:/home/Shamgar #

You cannot win you evil computer!

Bruno (author), posted February 19, 2005:

Ahaaaaa

now let me see:

    ls -al /usr/local/bin/rkhunter

Bruno

Shamgar, posted February 19, 2005:

That did something:

    Shamgar@linux:~> su
    Password:
    linux:/home/Shamgar # /usr/bin/rkhunter -c --createlogfile
    bash: /usr/bin/rkhunter: Not a directory
    linux:/home/Shamgar # ls -al /usr/local/bin/rkhunter/rkhunter
    /bin/ls: /usr/local/bin/rkhunter/rkhunter: Not a directory
    linux:/home/Shamgar # ls -al /usr/local/bin/rkhunter
    -rwxr-x--- 1 root root 138980 2005-02-19 12:19 /usr/local/bin/rkhunter
    linux:/home/Shamgar #

Bruno (author), posted February 19, 2005:

What a puzzle !

now try

    /usr/local/bin/rkhunter -c --createlogfile

And if that works we will make another link after removing the old one in /usr/bin

B)

Bruno

Shamgar, posted February 19, 2005:

This is what happened. I haven't " Press <ENTER> to continue" so say if you want me to. . .

    -rwxr-x--- 1 root root 138980 2005-02-19 12:19 /usr/local/bin/rkhunter
    linux:/home/nemmers # /usr/local/bin/rkhunter -c --createlogfile
    Rootkit Hunter 1.2.0 is running
    Determining OS... Ready
    Checking binaries
    * Selftests
         Strings (command)    [ OK ]
    * System tools
      Performing 'known good' check...
       /bin/cat           [ OK ]
       /bin/chmod         [ OK ]
       /bin/chown         [ OK ]
       /bin/dmesg         [ OK ]
       /bin/egrep         [ OK ]
       /bin/fgrep         [ OK ]
       /bin/grep          [ OK ]
       /bin/kill          [ OK ]
       /bin/login         [ OK ]
       /bin/ls            [ OK ]
       /bin/mount         [ OK ]
       /bin/netstat       [ OK ]
       /bin/ps            [ OK ]
       /bin/su            [ OK ]
       /sbin/chkconfig    [ OK ]
       /sbin/depmod       [ OK ]
       /sbin/ifconfig     [ OK ]
       /sbin/insmod       [ OK ]
       /sbin/ip           [ OK ]
       /sbin/modinfo      [ OK ]
       /sbin/sysctl       [ OK ]
       /sbin/syslogd      [ OK ]
       /sbin/init         [ OK ]
       /sbin/runlevel     [ OK ]
       /usr/bin/find      [ OK ]
       /usr/bin/file      [ OK ]
       /usr/bin/killall   [ OK ]
       /usr/bin/lsattr    [ OK ]
       /usr/bin/pstree    [ OK ]
       /usr/bin/stat      [ OK ]
       /usr/bin/sha1sum   [ OK ]
       /usr/bin/users     [ OK ]
       /usr/bin/w         [ OK ]
       /usr/bin/watch     [ OK ]
       /usr/bin/who       [ OK ]
       /usr/bin/whoami    [ OK ]
       /usr/sbin/cron     [ OK ]
    [Press <ENTER> to continue]

Panzers. . . . Fire!

Bruno (author), posted February 19, 2005:

No let us interrupt it for a moment and set up proper links first so you can use it the "normal" way

Do:

    Ctrl+C

Then you will get the prompt back and I will post the commands

B)

Bruno

Shamgar, posted February 19, 2005:

Okay, I did the control c

    [Press <ENTER> to continue]
    linux:/home/Shamgar #

Bruno (author), posted February 19, 2005:

PART 2

Here are the commands:

    # rm -rf /usr/bin/rkhunter
    # ln -s /usr/local/bin/rkhunter /usr/sbin/rkhunter
    # rkhunter -c --createlogfile

Now it should work in the "normal" way . . . . I still wonder why SUSE lets you make a link to a file that does not exist . . . . crazy ! :P B)

Bruno

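The dangling link behind the "command not found" and "Not a directory" errors above, reproduced in a throwaway sandbox (an added example, not part of the original thread). `ln -s` stores the target string without checking that it resolves; the names `link_status` and `demo` and the temporary directory layout are hypothetical stand-ins for /usr/local/bin, /usr/bin and /usr/sbin.

```shell
#!/bin/sh
# link_status PATH -> prints one of: missing, dangling, not-executable, ok
# (hypothetical helper; automates the ls -al checks done by hand in the thread)
link_status() {
    p=$1
    # Neither a resolvable file nor a symlink: nothing is there at all.
    if [ ! -e "$p" ] && [ ! -L "$p" ]; then
        echo missing; return 0
    fi
    # -L tests the link itself; -e follows it and fails when the target
    # cannot be resolved (no such file, or a path component is not a directory).
    if [ -L "$p" ] && [ ! -e "$p" ]; then
        echo dangling; return 0
    fi
    if [ -d "$p" ] || [ ! -x "$p" ]; then
        echo not-executable; return 0
    fi
    echo ok
}

# Constructed sandbox mirroring the thread: the scanner is a regular file,
# the first link treats it as a directory, the second points at the file.
demo() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/local/bin" "$d/bin" "$d/sbin"
    printf '#!/bin/sh\necho scanner\n' > "$d/local/bin/rkhunter"
    chmod 750 "$d/local/bin/rkhunter"
    ln -s "$d/local/bin/rkhunter/rkhunter" "$d/bin/rkhunter"   # wrong target
    ln -s "$d/local/bin/rkhunter" "$d/sbin/rkhunter"           # corrected target
    bad=$(link_status "$d/bin/rkhunter")
    good=$(link_status "$d/sbin/rkhunter")
    none=$(link_status "$d/bin/nothing")
    rm -rf "$d"
    echo "$bad $good $none"
}

demo
```

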
Shamgar, posted February 19, 2005:

Okay this is what happened. Again I have not pressed "Enter" to continue.

    linux:/home/nemmers # rm -rf /usr/bin/rkhunter
    linux:/home/nemmers # ln -s /usr/local/bin/rkhunter /usr/sbin/rkhunter
    linux:/home/nemmers # rkhunter -c --createlogfile
    Rootkit Hunter 1.2.0 is running
    Determining OS... Ready
    Checking binaries
    * Selftests
         Strings (command)    [ OK ]
    * System tools
      Performing 'known good' check...
       /bin/cat           [ OK ]
       /bin/chmod         [ OK ]
       /bin/chown         [ OK ]
       /bin/dmesg         [ OK ]
       /bin/egrep         [ OK ]
       /bin/fgrep         [ OK ]
       /bin/grep          [ OK ]
       /bin/kill          [ OK ]
       /bin/login         [ OK ]
       /bin/ls            [ OK ]
       /bin/mount         [ OK ]
       /bin/netstat       [ OK ]
       /bin/ps            [ OK ]
       /bin/su            [ OK ]
       /sbin/chkconfig    [ OK ]
       /sbin/depmod       [ OK ]
       /sbin/ifconfig     [ OK ]
       /sbin/insmod       [ OK ]
       /sbin/ip           [ OK ]
       /sbin/modinfo      [ OK ]
       /sbin/sysctl       [ OK ]
       /sbin/syslogd      [ OK ]
       /sbin/init         [ OK ]
       /sbin/runlevel     [ OK ]
       /usr/bin/find      [ OK ]
       /usr/bin/file      [ OK ]
       /usr/bin/killall   [ OK ]
       /usr/bin/lsattr    [ OK ]
       /usr/bin/pstree    [ OK ]
       /usr/bin/stat      [ OK ]
       /usr/bin/sha1sum   [ OK ]
       /usr/bin/users     [ OK ]
       /usr/bin/w         [ OK ]
       /usr/bin/watch     [ OK ]
       /usr/bin/who       [ OK ]
       /usr/bin/whoami    [ OK ]
       /usr/sbin/cron     [ OK ]
    [Press <ENTER> to continue]

Open fire!!!!!

SUSE 9.1

Bruno (author), posted February 19, 2005:

Okay . . press <Enter > . . . . . you can go on now :D

So far looking good

B)

Bruno

Shamgar, posted February 19, 2005:

Okay, this is what happened. Do you want me to keep hitting enter?

    Check rootkits
    * Default files and directories
       Rootkit '55808 Trojan - Variant A'...          [ OK ]
       ADM Worm...                                    [ OK ]
       Rootkit 'AjaKit'...                            [ OK ]
       Rootkit 'aPa Kit'...                           [ OK ]
       Rootkit 'Apache Worm'...                       [ OK ]
       Rootkit 'Ambient (ark) Rootkit'...             [ OK ]
       Rootkit 'Balaur Rootkit'...                    [ OK ]
       Rootkit 'BeastKit'...                          [ OK ]
       Rootkit 'BOBKit'...                            [ OK ]
       Rootkit 'CiNIK Worm (Slapper.B variant)'...    [ OK ]
       Rootkit 'Danny-Boy's Abuse Kit'...             [ OK ]
       Rootkit 'Devil RootKit'...                     [ OK ]
       Rootkit 'Dica'...                              [ OK ]
       Rootkit 'Dreams Rootkit'...                    [ OK ]
       Rootkit 'Duarawkz'...                          [ OK ]
       Rootkit 'Flea Linux Rootkit'...                [ OK ]
       Rootkit 'FreeBSD Rootkit'...                   [ OK ]
       Rootkit '****`it Rootkit'...                   [ OK ]
       Rootkit 'GasKit'...                            [ OK ]
       Rootkit 'Heroin LKM'...                        [ OK ]
       Rootkit 'HjC Kit'...                           [ OK ]
       Rootkit 'ignoKit'...                           [ OK ]
       Rootkit 'ImperalsS-FBRK'...                    [ OK ]
       Rootkit 'Irix Rootkit'...                      [ OK ]
       Rootkit 'Kitko'...                             [ OK ]
       Rootkit 'Knark'...                             [ OK ]
       Rootkit 'Li0n Worm'...                         [ OK ]
       Rootkit 'Lockit / LJK2'...                     [ OK ]
       Rootkit 'MRK'...                               [ OK ]
       Rootkit 'Ni0 Rootkit'...                       [ OK ]
       Rootkit 'RootKit for SunOS / NSDAP'...         [ OK ]
       Rootkit 'Optic Kit (Tux)'...                   [ OK ]
       Rootkit 'Oz Rootkit'...                        [ OK ]
       Rootkit 'Portacelo'...                         [ OK ]
       Rootkit 'R3dstorm Toolkit'...                  [ OK ]
       Rootkit 'RH-Sharpe's rootkit'...               [ OK ]
       Rootkit 'RSHA's rootkit'...                    [ OK ]
       Sebek LKM                                      [ OK ]
       Rootkit 'Scalper Worm'...                      [ OK ]
       Rootkit 'Shutdown'...                          [ OK ]
       Rootkit 'SHV4'...                              [ OK ]
       Rootkit 'SHV5'...                              [ OK ]
       Rootkit 'Sin Rootkit'...                       [ OK ]
       Rootkit 'Slapper'...                           [ OK ]
       Rootkit 'Sneakin Rootkit'...                   [ OK ]
       Rootkit 'Suckit Rootkit'...                    [ OK ]
       Rootkit 'SunOS Rootkit'...                     [ OK ]
       Rootkit 'Superkit'...                          [ OK ]
       Rootkit 'TBD (Telnet BackDoor)'...             [ OK ]
       Rootkit 'TeLeKiT'...                           [ OK ]
       Rootkit 'T0rn Rootkit'...                      [ OK ]
       Rootkit 'Trojanit Kit'...                      [ OK ]
       Rootkit 'Tuxtendo'...                          [ OK ]
       Rootkit 'URK'...                               [ OK ]
       Rootkit 'VcKit'...                             [ OK ]
       Rootkit 'Volc Rootkit'...                      [ OK ]
       Rootkit 'X-Org SunOS Rootkit'...               [ OK ]
       Rootkit 'zaRwT.KiT Rootkit'...                 [ OK ]
    * Suspicious files and malware
       Scanning for known rootkit strings             [ OK ]
       Scanning for known rootkit files               [ OK ]
       Testing running processes...                   [ OK ]
       Miscellaneous Login backdoors                  [ OK ]
       Miscellaneous directories                      [ OK ]
       Software related files                         [ OK ]
       Sniffer logs                                   [ OK ]
    [Press <ENTER> to continue]

Bruno (author), posted February 19, 2005:

Just one at a time Shamgar . . yep press Enter again and show me the output so I can check . .

Bruno

Shamgar, posted February 19, 2005:

Looks like another enter:

    * Trojan specific characteristics
       shv4
         Checking /etc/rc.d/rc.sysinit     [ Not found ]
         Checking /etc/inetd.conf          [ Not found ]
         Checking /etc/xinetd.conf         [ Clean ]
    * Suspicious file properties
       chmod properties
         Checking /bin/ps                  [ Clean ]
         Checking /bin/ls                  [ Clean ]
         Checking /usr/bin/w               [ Clean ]
         Checking /usr/bin/who             [ Clean ]
         Checking /bin/netstat             [ Clean ]
         Checking /bin/login               [ Clean ]
       Script replacements
         Checking /bin/ps                  [ Clean ]
         Checking /bin/ls                  [ Clean ]
         Checking /usr/bin/w               [ Clean ]
         Checking /usr/bin/who             [ Clean ]
         Checking /bin/netstat             [ Clean ]
         Checking /bin/login               [ Clean ]
    * OS dependant tests
       Linux
         Checking loaded kernel modules... [ OK ]
         Checking files attributes         [ OK ]
         Checking LKM module path          [ OK ]
    Networking
    * Check: frequently used backdoors
       Port 2001: Scalper Rootkit          [ OK ]
       Port 2006: CB Rootkit               [ OK ]
       Port 2128: MRK                      [ OK ]
       Port 14856: Optic Kit (Tux)         [ OK ]
       Port 47107: T0rn Rootkit            [ OK ]
       Port 60922: zaRwT.KiT               [ OK ]
    * Interfaces
       Scanning for promiscuous interfaces [ OK ]
    [Press <ENTER> to continue]

Bruno (author), posted February 19, 2005:

Yep . . . looking good so far !

Bruno

Shamgar, posted February 19, 2005:

More "Enters"

    * Trojan specific characteristics
       shv4
         Checking /etc/rc.d/rc.sysinit     [ Not found ]
         Checking /etc/inetd.conf          [ Not found ]
         Checking /etc/xinetd.conf         [ Clean ]
    * Suspicious file properties
       chmod properties
         Checking /bin/ps                  [ Clean ]
         Checking /bin/ls                  [ Clean ]
         Checking /usr/bin/w               [ Clean ]
         Checking /usr/bin/who             [ Clean ]
         Checking /bin/netstat             [ Clean ]
         Checking /bin/login               [ Clean ]
       Script replacements
         Checking /bin/ps                  [ Clean ]
         Checking /bin/ls                  [ Clean ]
         Checking /usr/bin/w               [ Clean ]
         Checking /usr/bin/who             [ Clean ]
         Checking /bin/netstat             [ Clean ]
         Checking /bin/login               [ Clean ]
    * OS dependant tests
       Linux
         Checking loaded kernel modules... [ OK ]
         Checking files attributes         [ OK ]
         Checking LKM module path          [ OK ]
    Networking
    * Check: frequently used backdoors
       Port 2001: Scalper Rootkit          [ OK ]
       Port 2006: CB Rootkit               [ OK ]
       Port 2128: MRK                      [ OK ]
       Port 14856: Optic Kit (Tux)         [ OK ]
       Port 47107: T0rn Rootkit            [ OK ]
       Port 60922: zaRwT.KiT               [ OK ]
    * Interfaces
       Scanning for promiscuous interfaces [ OK ]
    [Press <ENTER> to continue]
    System checks
    * Allround tests
       Checking hostname... Found. Hostname is linux
       Checking for passwordless user accounts... OK
       Checking for differences in user accounts... [ NA ]
       Checking for differences in user groups... Creating file It seems this is your first time.
       Checking boot.local/rc.local file...
         - /etc/rc.local                   [ Not found ]
         - /etc/rc.d/rc.local              [ Not found ]
         - /usr/local/etc/rc.local         [ Not found ]
         - /usr/local/etc/rc.d/rc.local    [ Not found ]
         - /etc/conf.d/local.start         [ Not found ]
         - /etc/init.d/boot.local          [ OK ]
       Checking rc.d files...
         Processing........................................
         ........................................
         ........................................
         ........................................
         ........................................
         ........................................
         ...................................
       Result rc.d files check             [ OK ]
       Checking history files
         Bourne Shell                      [ OK ]
    * Filesystem checks
       Checking /dev for suspicious files... [ Warning! (unusual files found) ]
    ---------------------------------------------
    Unusual files:
    /dev/null.2005-02-12.0: ASCII text
    /dev/null.2005-02-13.0: ASCII text
    /dev/null.2005-02-14.0: ASCII English text
    /dev/null.2005-02-15.0: ASCII text
    ---------------------------------------------
       Scanning for hidden files...        [ Warning! ]
    ---------------
     /dev/.udev.tdb /etc/.java
    /etc/.pwd.lock
    ---------------
    Please inspect: /etc/.java (directory)
    [Press <ENTER> to continue]

Bruno (author), posted February 19, 2005:

Yep the java warning is normal and can be ignored :D

Press enter again

B)

Bruno