@mttjohnson
Created April 18, 2019 20:27
security chkrootkit scanning for system root kits
# http://www.chkrootkit.org/download/
# http://www.chkrootkit.org/README
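# Commands to download the tarball, validate it, and then upload it to the server
wget ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz
wget ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.md5
# Compare the published hash with the computed one; the two must match.
# Both files arrive over plain FTP, so a match rules out a corrupted download,
# not tampering in transit.
cat chkrootkit.md5
md5sum chkrootkit.tar.gz
# REMOTE_HOST is a placeholder for the server's address
scp chkrootkit.tar.gz myuser@REMOTE_HOST:~/
ssh myuser@REMOTE_HOST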
# Commands run on remote system
sudo -i
mkdir -p ~/temp
mv ~myuser/chkrootkit.tar.gz ~/temp/
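cd ~/temp/
# Unpack the source; the tarball extracts into a versioned chkrootkit-* directory
tar xzf chkrootkit.tar.gz
cd chkrootkit-*/
# Build dependency for the compile step below
yum install glibc-static
make sense
./chkrootkit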
# A few false positives on a newly built CentOS 7 box:
#
# Searching for suspicious files and dirs, it may take a while...
# /usr/lib/debug/usr/.dwz
#
# Checking `sniffer'... ens5: PF_PACKET(/usr/sbin/dhclient)
#
# Searching for Linux.Xor.DDoS ... INFECTED: Possible Malicious Linux.Xor.DDoS installed
# /tmp/terraform_1005042749.sh
# /tmp/terraform_635230003.sh
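
The false positives noted above can be filtered out of later scans so that only unreviewed findings surface. This is an added example, not part of the original gist: `triage_chkrootkit`, `sample_scan` and the `ALLOWLIST` patterns are hypothetical names, and the sample output is constructed from the lines quoted above plus one extra path.

```shell
# Extended-regex allowlist, one pattern per line. Assumption: mirrors the false
# positives noted above for a fresh CentOS 7 host; review before reusing it.
ALLOWLIST='^/usr/lib/debug/usr/\.dwz$
PF_PACKET\(/usr/sbin/dhclient\)
^/tmp/terraform_[0-9]+\.sh$'

# Hypothetical helper: reads chkrootkit output on stdin and prints only the
# findings no pattern matches. Findings are INFECTED or PF_PACKET lines and
# the paths listed under a check (paths containing spaces are not handled).
# Usage: ./chkrootkit 2>&1 | triage_chkrootkit
triage_chkrootkit() {
    ALLOWLIST="$ALLOWLIST" awk '
        BEGIN { n = split(ENVIRON["ALLOWLIST"], pats, "\n") }
        function allowed(s,    i) {
            for (i = 1; i <= n; i++)
                if (pats[i] != "" && s ~ pats[i]) return 1
            return 0
        }
        function report_header() {    # finding line with no paths under it
            if (finding && npaths == 0 && !allowed(hdr)) print hdr
        }
        /^[ \t]*$/ { next }
        $1 ~ /^\// {                  # path line: one or more paths
            for (k = 1; k <= NF; k++) {
                npaths++
                if (allowed($k)) continue
                if (!printed) { print hdr; printed = 1 }
                print "  " $k
            }
            next
        }
        {                             # any other line starts a new check
            report_header()
            hdr = $0; npaths = 0; printed = 0
            finding = ($0 ~ /INFECTED|PF_PACKET/)
        }
        END { report_header() }
    '
}
# Constructed sample: the lines quoted above plus one unreviewed path.
sample_scan() {
    cat <<'EOF'
Searching for suspicious files and dirs, it may take a while...
/usr/lib/debug/usr/.dwz
Checking `sniffer'... ens5: PF_PACKET(/usr/sbin/dhclient)
Searching for Linux.Xor.DDoS ... INFECTED: Possible Malicious Linux.Xor.DDoS installed
/tmp/terraform_1005042749.sh
/tmp/.hidden_job.sh
EOF
}
sample_scan | triage_chkrootkit
```

Allowlisting by file name is only as trustworthy as the directory it lives in; for anything under a world-writable location such as /tmp, check the file's owner and contents before adding a pattern.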