LINUX has a RootKit problem!
02-03-2010, 09:49 PM
Post: #1
LINUX has a RootKit problem!
Linux is not very secure any more! ... We had a major attack on one of our Linux boxes (Red Hat) which involved a recompile of the kernel using a rootkit.

None of the FreeBSD machines were touched because there seem to be very few rootkits available.

I'd say the major security issue with LINUX is going to be rootkits which really only work because the source is available.

How many rootkits are there for LINUX at the moment? ... What would be the best way to protect against such an attack?
03-06-2010, 04:34 PM
Post: #2
RE: LINUX has a RootKit problem!
Rootkits are a bit of a worry on any system, but since the majority of Linux machines being actively targeted are servers, I would worry more about stuff like PHP web file browsers.
Generally Linux usage is so low for desktops and so high for servers that Apache is the primary target, and if you infect a server with a web file browser you don't have to worry about bypassing firewalls or anything.
03-26-2010, 09:22 PM
Post: #3
RE: LINUX has a RootKit problem!
A Root Kit does not facilitate the initial penetration of your system. A root kit is used after your machine has been attacked to provide an attacker with an easy "back door" to your system at a later date.

Also, you should make sure the attacker cannot get a shell on your machine in the first place. This means turning off everything which is not needed, putting a firewall in place, and ensuring those services you do make publicly available on your machine are locked down, and hardened where necessary.
07-16-2010, 11:49 PM
Post: #4
RE: LINUX has a RootKit problem!
Sure, rootkits are a pain in the A**, but there are a few tools to track them. One example is "chkrootkit". It scans your entire system, and tells you if there is a problem.
In addition, you have "tripwire", which will check the integrity of all files that should not be changed.

We must be the change we want to see
10-19-2010, 09:15 PM
Post: #5
RE: LINUX has a RootKit problem!
Yes, if you lock down a Linux box and then regularly update it, it is a very secure operating system. Generally, Linux usage is so low for desktops as well as high for servers that Apache is the primary target. So plz check, then use that.
12-15-2010, 06:44 AM
Post: #6
RE: LINUX has a RootKit problem!
A rootkit is not easy initial penetration of your system. A rootkit is used after your machine has been attacked to provide an attacker with an easy back door to your system at a later date. Also, make sure that the attacker cannot get a shell in his first machine. This means turning off everything that is not necessary to put a firewall in place, and provide services not available to the public on your machine is locked and tightened if necessary.
01-05-2011, 08:07 AM
Post: #7
RE: LINUX has a RootKit problem!
A rootkit is software that will allow continued privileged access to a computer while actively hiding its presence from administrators to affect the functionality of the operating system or other programs. The term rootkit is a series of root and the word kit. The term rootkit has negative connotations because of its association with malware.
01-05-2011, 07:21 PM (This post was last modified: 01-05-2011 07:21 PM by jhonas.)
Post: #8
RE: LINUX has a RootKit problem!
I heard about these attacks in Linux but don't know how to protect from them??
01-13-2011, 12:43 AM (This post was last modified: 01-13-2011 12:51 AM by herosshamy.)
Post: #9
RE: LINUX has a RootKit problem!
I agree with Linux J is usually the machine's configuration, which usually means the managers of their guilt. If you lock your computer and regularly update Linux in a very secure operating system. It keeps exactly the same tactic rooted from different servers. A rootkit is not your original investment in the system penetration.