#1 vmos, 16th February 2011, 13:52
Anti-virus // rootkit checker?

Hi there,
we've had a few Debian/Ubuntu servers hacked over the past year or so; ultimately each instance was traced to shoddy client code.
Most of our servers are kept well away from third party code but some have to have it.
We do what we can to secure the servers but sometimes a client says "oh we have to have this gaping PHP security hole otherwise my code won't work" so we put barbed wire around it and wait for those friendly Indonesian chaps to hack it to pieces (seems most of our hackers are Indonesian for some strange reason).

Anyways, I was thinking that maybe we can be more pro-active with detecting hacks; in many cases there seems to have been several days between the initial server compromise and the clients' sites turning to mush.
I was thinking maybe a cron job to run rkhunter and email the output, but this would mean a bunch of emails that need manually checked every day.

Anyone got any suggestions for a better method?
#2 pititis, 17th February 2011, 02:27

rkhunter and chkrootkit are good options (rkhunter is much better). A fs integrity check like Tripwire can be very useful. Apache mod_security together with OWASP CRS is wonderful.

Security is very important and you can do so much, but how the hell are you hacked so frequently, man?

Last edited by pititis; 17th February 2011 at 02:49.
#3 vmos, 17th February 2011, 10:14

Thanks for your recommendations, Tripwire looks particularly handy.

As for the hacks, the servers with our code are fine, the problems come when a client uses a dodgy CMS to manage their site and has a password like "hackme" (that actually happened)
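The cron idea from the first post, as an added example that is not part of the original thread: a wrapper that mails rkhunter's report only when it is non-empty and differs from the last report sent, so clean or unchanged runs produce no email. The names STATE_DIR and MAILTO, the install path, a working `mail` command, and report text that stays identical between runs are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): mail rkhunter's report only when it
# is non-empty AND differs from the last report that was mailed.
# Assumed names: STATE_DIR, MAILTO, and a working `mail` command.
STATE_DIR="${STATE_DIR:-/var/lib/rkhunter-alert}"
MAILTO="${MAILTO:-root}"

# --cronjob and --report-warnings-only keep stdout empty on a clean run.
# stderr is captured too, so a missing or broken scanner also alerts.
run_scan() {
    rkhunter --cronjob --report-warnings-only 2>&1
}

# should_alert CURRENT PREVIOUS -> exit 0 if CURRENT needs to be mailed.
should_alert() {
    [ -s "$1" ] || return 1      # clean run: nothing to report
    [ -f "$2" ] || return 0      # first warning since the last clean run
    ! cmp -s "$1" "$2"           # mail only when the report changed
}

# process_report CURRENT: update the saved state, print "alert" or "quiet".
process_report() {
    prev="$STATE_DIR/last-report"
    if should_alert "$1" "$prev"; then
        cp "$1" "$prev"
        echo alert
    else
        # A clean run clears the state so a recurring warning alerts again.
        [ -s "$1" ] || rm -f "$prev"
        echo quiet
    fi
}

main() {
    mkdir -p "$STATE_DIR" && chmod 700 "$STATE_DIR"
    cur=$(mktemp) || exit 1
    trap 'rm -f "$cur"' EXIT
    run_scan > "$cur"
    if [ "$(process_report "$cur")" = alert ]; then
        mail -s "rkhunter: new warnings on $(hostname)" "$MAILTO" < "$cur"
    fi
}

# Cron usage (assumed path): 15 3 * * * /usr/local/sbin/rkhunter-alert run
case "${1:-}" in run) main ;; esac
```

An unchanged warning is mailed once and then stays quiet until the report changes or a clean run resets the state, so each alert still needs to be followed up when it arrives.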

Bookmarks

Tags
debian, hack, rootkit, ubuntu

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
rkhunter Tripple Installation/Configuration 22 13th May 2014 23:03
rkhunter warnings esezako General 7 27th September 2011 07:28
Please review RKHUNTER Log jmh_fl General 1 27th April 2010 16:44
Debian 5.0 'hangs' GHz Installation/Configuration 5 1st October 2009 12:57
Possible hack attempt? tristanlee85 General 18 31st October 2007 15:05


All times are GMT +2.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.