My main computer has never run Windows; I built it from parts to run Ubuntu, and it's been happily doing that since spring of 2008. Linux computers rarely get any kind of attack (I don't use any virus protection), but I stumbled on two articles on rootkits in Linux this morning (it's heading for 4:00 am, and I've been up since about 2:30). I don't do my best thinking at this time of day (that doesn't happen for another two hours or so), so I got panicky and downloaded what appear to be the most common rootkit utilities for Ubuntu: chkrootkit and rkhunter.
They didn't show up in the program menu anywhere I could find, which means they run from the ooh-scary command-line terminal (my first computer didn't have Windows - back in the DOS 3.3 days - and even my second computer only had Windows 2.something, which was basically a menu for command-line commands, so I'm not completely unfamiliar with the command line - but you've gotta know what the commands are to use 'em; graphical interfaces, with all their problems, are better for the person who doesn't know what the program will do). Both programs want to be run as root, and rkhunter wants a parameter set. For the basics, use these commands:
sudo rkhunter -c
sudo chkrootkit
That'll get 'em going... and now I've got a place where I can go look these up when I need 'em!
(A year and a half ago, on another blog, I wrote about the use of the command line. I'm sticking with the thoughts expressed in that earlier post.)