Rootkit: a piece of software whose purpose is to hide running processes, files and system data from the operating system it lives in. Rootkits were originally harmless applications, but they have since been widely used by malware designed to help intruders keep their activity inside a system from being traced. Rootkits exist for a range of operating systems, such as Linux, Solaris and Microsoft Windows. They often modify parts of the operating system and also install themselves as drivers or kernel modules.
The word "rootkit" first reached the public's ears with the Sony BMG CD copy-protection scandal, in which compact discs produced by Sony BMG Music placed a rootkit on Microsoft Windows PCs when users played the discs on their computers. Sony had not warned users about this beforehand, either on the discs or on their packaging.
Malware scanning with Rootkit Hunter

A brief overview of Rootkit Hunter: rkhunter (Rootkit Hunter) is a Unix-based tool that scans for rootkits, backdoors and possible local exploits. It does this by comparing the SHA-1 hashes of important files with known-good ones in an online database, looking for default (rootkit) directories, wrong permissions, hidden files and suspicious strings in kernel modules, and running special tests for Linux and FreeBSD.
The tool is written in Bourne shell to allow portability. It can run on almost any UNIX-derived system. Source: Wikipedia
INSTALL: RKHUNTER
Rkhunter features:
Thorough rootkit scanner

root# rkhunter -h
Usage: rkhunter {--check | --unlock | --update | --versioncheck |
                 --propupd [{filename | directory | package name},...] |
                 --list [{tests | {lang | languages} | rootkits | perl | propfiles}] |
                 --config-check | --version | --help} [options]

Current options are:
         --append-log                  Append to the logfile, do not overwrite
         --bindir <directory>...       Use the specified command directories
     -c, --check                       Check the local system
     -C, --config-check                Check the configuration file(s), then exit
         --cs2, --color-set2           Use the second color set for output
         --configfile <file>           Use the specified configuration file
         --cronjob                     Run as a cron job
                                       (implies -c, --sk and --nocolors options)
         --dbdir <directory>           Use the specified database directory
         --debug                       Debug mode
                                       (Do not use unless asked to do so)
         --disable <test>[,<test>...]  Disable specific tests
                                       (Default is to disable no tests)
         --display-logfile             Display the logfile at the end
         --enable <test>[,<test>...]   Enable specific tests
                                       (Default is to enable all tests)
         --hash {MD5 | SHA1 | SHA224 | SHA256 | SHA384 | SHA512 |
                 NONE | <command>}     Use the specified file hash function
                                       (Default is SHA1, then MD5)
     -h, --help                        Display this help menu, then exit
         --lang, --language <language> Specify the language to use
                                       (Default is English)
         --list [tests | languages |   List the available test names, languages,
                 rootkits | perl |     rootkit names, perl module status
                 propfiles]            or file properties database, then exit
     -l, --logfile [file]              Write to a logfile
                                       (Default is /var/log/rkhunter.log)
         --noappend-log                Do not append to the logfile, overwrite it
         --nocf                        Do not use the configuration file entries
                                       for disabled tests (only valid with --disable)
         --nocolors                    Use black and white output
         --nolog                       Do not write to a logfile
         --nomow, --no-mail-on-warning Do not send a message if warnings occur
         --ns, --nosummary             Do not show the summary of check results
         --novl, --no-verbose-logging  No verbose logging
         --pkgmgr {RPM | DPKG | BSD |  Use the specified package manager to obtain or
                  SOLARIS | NONE}      verify file property values. (Default is NONE)
         --propupd [file | directory | Update the entire file properties database,
                    package]...        or just for the specified entries
     -q, --quiet                       Quiet mode (no output at all)
         --rwo, --report-warnings-only Show only warning messages
         --sk, --skip-keypress         Don't wait for a keypress after each test
         --summary                     Show the summary of system check results
                                       (This is the default)
         --syslog [facility.priority]  Log the check start and finish times to syslog
                                       (Default level is authpriv.notice)
         --tmpdir <directory>          Use the specified temporary directory
         --unlock                      Unlock (remove) the lock file
         --update                      Check for updates to database files
         --vl, --verbose-logging       Use verbose logging (on by default)
     -V, --version                     Display the version number, then exit
         --versioncheck                Check for latest version of program
     -x, --autox                       Automatically detect if X is in use
     -X, --no-autox                    Do not automatically detect if X is in use
[ Rootkit Hunter version 1.4.2 ]

Checking system commands...

  Performing 'strings' command checks
    Checking 'strings' command                               [ OK ]

  Performing 'shared libraries' checks
    Checking for preloading variables                        [ None found ]
    Checking for preloaded libraries                         [ None found ]
    Checking LD_LIBRARY_PATH variable                        [ Not found ]

  Performing file properties checks
    Checking for prerequisites                               [ OK ]
    /usr/sbin/adduser                                        [ OK ]
    /usr/sbin/chroot                                         [ OK ]
    /usr/sbin/cron                                           [ OK ]
    /usr/sbin/groupadd                                       [ OK ]
    /usr/sbin/groupdel                                       [ OK ]
    /usr/sbin/groupmod                                       [ OK ]
    /usr/sbin/grpck                                          [ OK ]
    /usr/sbin/ifstatus                                       [ Warning ]
    /usr/sbin/nologin                                        [ OK ]
    /usr/sbin/pwck                                           [ OK ]
    /usr/sbin/rsyslogd                                       [ OK ]
    /usr/sbin/tcpd                                           [ OK ]
    /usr/sbin/useradd                                        [ OK ]
    /usr/sbin/userdel                                        [ OK ]
    /usr/sbin/usermod                                        [ OK ]
    /usr/sbin/vipw                                           [ OK ]
    /usr/sbin/unhide                                         [ OK ]
    /usr/sbin/unhide-linux                                   [ OK ]
    /usr/sbin/unhide-posix                                   [ OK ]
    /usr/sbin/unhide-tcp                                     [ OK ]
    /usr/bin/awk                                             [ OK ]
    /usr/bin/basename                                        [ OK ]
    /usr/bin/chattr                                          [ OK ]
    /usr/bin/curl                                            [ OK ]
    /usr/bin/cut                                             [ OK ]
    /usr/bin/diff                                            [ OK ]
    /usr/bin/dirname                                         [ OK ]
    /usr/bin/dpkg                                            [ OK ]
    /usr/bin/dpkg-query                                      [ OK ]
    /usr/bin/du                                              [ OK ]
    /usr/bin/elinks                                          [ OK ]
    /usr/bin/env                                             [ OK ]
    /usr/bin/file                                            [ OK ]
    /usr/bin/find                                            [ OK ]
    /usr/bin/GET                                             [ OK ]
    /usr/bin/groups                                          [ OK ]
    /usr/bin/head                                            [ OK ]
    /usr/bin/id                                              [ OK ]
    /usr/bin/killall                                         [ OK ]
    /usr/bin/last                                            [ OK ]
    /usr/bin/lastlog                                         [ OK ]
    /usr/bin/ldd                                             [ OK ]
    /usr/bin/less                                            [ OK ]
    /usr/bin/locate                                          [ OK ]
    /usr/bin/logger                                          [ OK ]
    /usr/bin/lsattr                                          [ OK ]
    /usr/bin/lsof                                            [ OK ]
    /usr/bin/mail                                            [ OK ]
    /usr/bin/md5sum                                          [ OK ]
    /usr/bin/mlocate                                         [ OK ]
    /usr/bin/newgrp                                          [ OK ]
    /usr/bin/passwd                                          [ OK ]
    /usr/bin/perl                                            [ OK ]
    /usr/bin/pgrep                                           [ OK ]
    /usr/bin/pkill                                           [ OK ]
    /usr/bin/pstree                                          [ OK ]
    /usr/bin/rkhunter                                        [ OK ]
    /usr/bin/rpm                                             [ OK ]
    /usr/bin/runcon                                          [ OK ]
    /usr/bin/sha1sum                                         [ OK ]
    /usr/bin/sha224sum                                       [ OK ]
    /usr/bin/sha256sum                                       [ OK ]
    /usr/bin/sha384sum                                       [ OK ]
    /usr/bin/sha512sum                                       [ OK ]
    /usr/bin/size                                            [ OK ]
    /usr/bin/sort                                            [ OK ]
    /usr/bin/ssh                                             [ OK ]
    /usr/bin/stat                                            [ OK ]
    /usr/bin/strace                                          [ OK ]
    /usr/bin/strings                                         [ OK ]
    /usr/bin/sudo                                            [ OK ]
    /usr/bin/tail                                            [ OK ]
    /usr/bin/telnet                                          [ OK ]
    /usr/bin/test                                            [ OK ]
    /usr/bin/top                                             [ OK ]
    /usr/bin/touch                                           [ OK ]
    /usr/bin/tr                                              [ OK ]
    /usr/bin/uniq                                            [ OK ]
    /usr/bin/users                                           [ OK ]
    /usr/bin/vmstat                                          [ OK ]
    /usr/bin/w                                               [ OK ]
    /usr/bin/watch                                           [ OK ]
    /usr/bin/wc                                              [ OK ]
    /usr/bin/wget                                            [ OK ]
    /usr/bin/whatis                                          [ OK ]
    /usr/bin/whereis                                         [ OK ]
    /usr/bin/which                                           [ OK ]
    /usr/bin/who                                             [ OK ]
    /usr/bin/whoami                                          [ OK ]
    /usr/bin/gawk                                            [ OK ]
    /usr/bin/lwp-request                                     [ Warning ]
    /usr/bin/s-nail                                          [ OK ]
    /usr/bin/x86_64-linux-gnu-size                           [ OK ]
    /usr/bin/x86_64-linux-gnu-strings                        [ OK ]
    /usr/bin/telnet.netkit                                   [ OK ]
    /usr/bin/w.procps                                        [ OK ]
    /sbin/depmod                                             [ OK ]
    /sbin/fsck                                               [ OK ]
    /sbin/ifconfig                                           [ OK ]
    /sbin/ifdown                                             [ OK ]
    /sbin/ifup                                               [ OK ]
    /sbin/init                                               [ OK ]
    /sbin/insmod                                             [ OK ]
    /sbin/ip                                                 [ OK ]
    /sbin/lsmod                                              [ OK ]
    /sbin/modinfo                                            [ OK ]
    /sbin/modprobe                                           [ OK ]
    /sbin/rmmod                                              [ OK ]
    /sbin/route                                              [ OK ]
    /sbin/runlevel                                           [ OK ]
    /sbin/sulogin                                            [ OK ]
    /sbin/sysctl                                             [ OK ]
    /bin/bash                                                [ OK ]
    /bin/cat                                                 [ OK ]
    /bin/chmod                                               [ OK ]
    /bin/chown                                               [ OK ]
    /bin/cp                                                  [ OK ]
    /bin/date                                                [ OK ]
    /bin/df                                                  [ OK ]
    /bin/dmesg                                               [ OK ]
    /bin/echo                                                [ OK ]
    /bin/ed                                                  [ OK ]
    /bin/egrep                                               [ OK ]
    /bin/fgrep                                               [ OK ]
    /bin/fuser                                               [ OK ]
    /bin/grep                                                [ OK ]
    /bin/ip                                                  [ OK ]
    /bin/kill                                                [ OK ]
    /bin/less                                                [ OK ]
    /bin/login                                               [ OK ]
    /bin/ls                                                  [ OK ]
    /bin/lsmod                                               [ OK ]
    /bin/mktemp                                              [ OK ]
    /bin/more                                                [ OK ]
    /bin/mount                                               [ OK ]
    /bin/mv                                                  [ OK ]
    /bin/netstat                                             [ OK ]
    /bin/ping                                                [ OK ]
    /bin/ps                                                  [ OK ]
    /bin/pwd                                                 [ OK ]
    /bin/readlink                                            [ OK ]
    /bin/sed                                                 [ OK ]
    /bin/sh                                                  [ OK ]
    /bin/su                                                  [ OK ]
    /bin/touch                                               [ OK ]
    /bin/uname                                               [ OK ]
    /bin/which                                               [ OK ]
    /bin/kmod                                                [ OK ]
    /bin/systemd                                             [ OK ]
    /bin/systemctl                                           [ OK ]
    /bin/dash                                                [ OK ]
    /lib/systemd/systemd                                     [ OK ]

[Press <ENTER> to continue]

Checking for rootkits...

  Performing check of known rootkit files and directories
    55808 Trojan - Variant A                                 [ Not found ]
    ADM Worm                                                 [ Not found ]
    AjaKit Rootkit                                           [ Not found ]
    Adore Rootkit                                            [ Not found ]
    aPa Kit                                                  [ Not found ]
    Apache Worm                                              [ Not found ]
    Ambient (ark) Rootkit                                    [ Not found ]
    Balaur Rootkit                                           [ Not found ]
    BeastKit Rootkit                                         [ Not found ]
    beX2 Rootkit                                             [ Not found ]
    BOBKit Rootkit                                           [ Not found ]
    cb Rootkit                                               [ Not found ]
    CiNIK Worm (Slapper.B variant)                           [ Not found ]
    Danny-Boy's Abuse Kit                                    [ Not found ]
    Devil RootKit                                            [ Not found ]
    Dica-Kit Rootkit                                         [ Not found ]
    Dreams Rootkit                                           [ Not found ]
    Duarawkz Rootkit                                         [ Not found ]
    Enye LKM                                                 [ Not found ]
    Flea Linux Rootkit                                       [ Not found ]
    Fu Rootkit                                               [ Not found ]
    Fuck`it Rootkit                                          [ Not found ]
    GasKit Rootkit                                           [ Not found ]
    Heroin LKM                                               [ Not found ]
    HjC Kit                                                  [ Not found ]
    ignoKit Rootkit                                          [ Not found ]
    IntoXonia-NG Rootkit                                     [ Not found ]
    Irix Rootkit                                             [ Not found ]
    Jynx Rootkit                                             [ Not found ]
    KBeast Rootkit                                           [ Not found ]
    Kitko Rootkit                                            [ Not found ]
    Knark Rootkit                                            [ Not found ]
    ld-linuxv.so Rootkit                                     [ Not found ]
    Li0n Worm                                                [ Not found ]
    Lockit / LJK2 Rootkit                                    [ Not found ]
    Mood-NT Rootkit                                          [ Not found ]
    MRK Rootkit                                              [ Not found ]
    Ni0 Rootkit                                              [ Not found ]
    Ohhara Rootkit                                           [ Not found ]
    Optic Kit (Tux) Worm                                     [ Not found ]
    Oz Rootkit                                               [ Not found ]
    Phalanx Rootkit                                          [ Not found ]
    Phalanx2 Rootkit                                         [ Not found ]
    Phalanx2 Rootkit (extended tests)                        [ Not found ]
    Portacelo Rootkit                                        [ Not found ]
    R3dstorm Toolkit                                         [ Not found ]
    RH-Sharpe's Rootkit                                      [ Not found ]
    RSHA's Rootkit                                           [ Not found ]
    Scalper Worm                                             [ Not found ]
    Sebek LKM                                                [ Not found ]
    Shutdown Rootkit                                         [ Not found ]
    SHV4 Rootkit                                             [ Not found ]
    SHV5 Rootkit                                             [ Not found ]
    Sin Rootkit                                              [ Not found ]
    Slapper Worm                                             [ Not found ]
    Sneakin Rootkit                                          [ Not found ]
    'Spanish' Rootkit                                        [ Not found ]
    Suckit Rootkit                                           [ Not found ]
    Superkit Rootkit                                         [ Not found ]
    TBD (Telnet BackDoor)                                    [ Not found ]
    TeLeKiT Rootkit                                          [ Not found ]
    T0rn Rootkit                                             [ Not found ]
    trNkit Rootkit                                           [ Not found ]
    Trojanit Kit                                             [ Not found ]
    Tuxtendo Rootkit                                         [ Not found ]
    URK Rootkit                                              [ Not found ]
    Vampire Rootkit                                          [ Not found ]
    VcKit Rootkit                                            [ Not found ]
    Volc Rootkit                                             [ Not found ]
    Xzibit Rootkit                                           [ Not found ]
    zaRwT.KiT Rootkit                                        [ Not found ]
    ZK Rootkit                                               [ Not found ]

[Press <ENTER> to continue]

  Performing additional rootkit checks
    Suckit Rookit additional checks                          [ OK ]
    Checking for possible rootkit files and directories      [ None found ]
    Checking for possible rootkit strings                    [ None found ]

  Performing malware checks
    Checking running processes for suspicious files          [ None found ]
    Checking for login backdoors                             [ None found ]
    Checking for suspicious directories                      [ None found ]
    Checking for sniffer log files                           [ None found ]
    Suspicious Shared Memory segments                        [ None found ]
    Checking for Apache backdoor                             [ Not found ]

  Performing Linux specific checks
    Checking loaded kernel modules                           [ OK ]
    Checking kernel module names                             [ OK ]

[Press <ENTER> to continue]

Checking the network...

  Performing checks on the network ports
    Checking for backdoor ports                              [ Warning ]
    Checking for hidden ports                                [ None found ]

  Performing checks on the network interfaces
    Checking for promiscuous interfaces                      [ None found ]

Checking the local host...

  Performing system boot checks
    Checking for local host name                             [ Found ]
    Checking for system startup files                        [ Found ]
    Checking system startup files for malware                [ None found ]

  Performing group and account checks
    Checking for passwd file                                 [ Found ]
    Checking for root equivalent (UID 0) accounts            [ None found ]
    Checking for passwordless accounts                       [ None found ]
    Checking for passwd file changes                         [ None found ]
    Checking for group file changes                          [ None found ]
    Checking root account shell history files                [ None found ]

  Performing system configuration file checks
    Checking for an SSH configuration file                   [ Not found ]
    Checking for a running system logging daemon             [ Found ]
    Checking for a system logging configuration file         [ Found ]
    Checking if syslog remote logging is allowed             [ Not allowed ]

  Performing filesystem checks
    Checking /dev for suspicious file types                  [ Warning ]
    Checking for hidden files and directories                [ Warning ]

[Press <ENTER> to continue]

System checks summary
=====================

File properties checks...
    Files checked: 152
    Suspect files: 2

Rootkit checks...
    Rootkits checked : 365
    Possible rootkits: 1

Applications checks...
    All checks skipped

The system checks took: 4 minutes and 7 seconds

All results have been written to the log file: /var/log/rkhunter.log

One or more warnings have been found while checking the system.
Please check the log file (/var/log/rkhunter.log)
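The "file properties checks" above (and the "Suspect files: 2" figure in the summary) come down to hashing known-good binaries once and re-hashing them on every run. The script below is an added example, not code from the page or from rkhunter: it rebuilds that baseline/verify cycle in POSIX sh with sha256sum over constructed files, so the mechanism behind a "[ Warning ]" on a binary such as /usr/sbin/ifstatus can be seen on its own.

```shell
#!/bin/sh
# Added example (not from the original page or from rkhunter): a minimal
# file-properties baseline/verify cycle modelled on rkhunter's
# "file properties checks" and on what --propupd rebuilds.
# All files and paths below are constructed for the demo.

# build_baseline DBFILE FILE... : record a SHA-256 hash for each known-good file
# (the equivalent of taking the baseline with "rkhunter --propupd" on a clean host).
build_baseline() {
    db=$1; shift
    sha256sum "$@" > "$db"
}

# verify_baseline DBFILE : re-hash every recorded file and print one line per
# file in the "[ OK ]" / "[ Warning ]" shape rkhunter uses.
verify_baseline() {
    while read -r recorded path; do
        if [ ! -e "$path" ]; then
            printf '%s [ Warning ] file missing\n' "$path"
        elif [ "$(sha256sum "$path" | cut -d' ' -f1)" != "$recorded" ]; then
            printf '%s [ Warning ] hash changed since baseline\n' "$path"
        else
            printf '%s [ OK ]\n' "$path"
        fi
    done < "$1"
}

# count_mismatches DBFILE : how many recorded files no longer match, i.e. the
# number rkhunter reports as "Suspect files" in its summary.
count_mismatches() {
    verify_baseline "$1" | grep -c '\[ Warning \]' || true
}

# Demo: baseline two constructed "binaries", replace one, verify again.
demo_dir=$(mktemp -d)
printf 'original\n' > "$demo_dir/bin1"
printf 'original\n' > "$demo_dir/bin2"
build_baseline "$demo_dir/props.db" "$demo_dir/bin1" "$demo_dir/bin2"
printf 'modified\n' > "$demo_dir/bin2"      # simulate a replaced binary
verify_baseline "$demo_dir/props.db"
echo "Suspect files: $(count_mismatches "$demo_dir/props.db")"
# A legitimate package upgrade changes hashes as well: rebuild the baseline
# afterwards (as "rkhunter --propupd" does) or every upgraded file is a warning.
rm -rf "$demo_dir"
```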