Rootkit-detection in FreeBSD

Lars Sommer, lasg@lasg.dk, 2007-10-18
DISCLAIMER: This is a personal note made for personal usage. It might not be easily usable or explanatory.

Install these ports:
security/chkrootkit
security/rkhunter

rkhunter install options (set these as make options when building the port):
WITH_LSOF=true
WITH_NMAP=true

chkrootkit usage:
Run it now and then with:
sudo chkrootkit -q
Or add a weekly entry to /etc/crontab, for example (Tuesdays at 10:10):
10 10 * * 2 root /usr/local/sbin/chkrootkit -q > /var/log/chkrootkit.log
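
A cron wrapper for the weekly chkrootkit run above, added here as an example and not part of the original note: it appends a dated record instead of overwriting the log, and exits non-zero with the findings on stdout when quiet mode printed anything, so cron mails root. The script name /usr/local/sbin/chkrootkit-weekly.sh and the "run" argument are assumptions.

```shell
#!/bin/sh
# chkrootkit-weekly.sh: added example, not part of the original note.
# Wraps the weekly "chkrootkit -q" cron run from the note so that the log
# is appended to (not overwritten) and a non-empty quiet-mode result is
# reported to root by cron through a non-zero exit and stdout.
# Assumed install path: /usr/local/sbin/chkrootkit-weekly.sh

CHKROOTKIT=${CHKROOTKIT:-/usr/local/sbin/chkrootkit}  # path used in the note
LOGFILE=${LOGFILE:-/var/log/chkrootkit.log}

# classify_output OUTPUT: return 0 when the quiet-mode output has no
# non-blank line (nothing reported), 1 when anything was printed.
# chkrootkit -q prints only the checks it considers worth a look, so
# any line at all deserves a human review.
classify_output() {
    printf '%s\n' "$1" | grep -q '[^[:space:]]' && return 1
    return 0
}

# run_check: run the scanner, append a dated record to LOGFILE, and
# return 1 (so cron reports the job) when there were findings.
run_check() {
    out=$("$CHKROOTKIT" -q 2>&1)
    stamp=$(date '+%Y-%m-%d %H:%M:%S')
    if classify_output "$out"; then
        printf '%s clean\n' "$stamp" >> "$LOGFILE"
        return 0
    fi
    printf '%s FINDINGS:\n%s\n' "$stamp" "$out" >> "$LOGFILE"
    printf '%s\n' "$out"   # stdout goes into cron's mail to root
    return 1
}

# Only run when invoked with "run", e.g. from /etc/crontab:
# 10 10 * * 2 root /usr/local/sbin/chkrootkit-weekly.sh run
case "${1:-}" in
    run) run_check ;;
esac
```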

rkhunter usage:

You should keep your rkhunter database up to date.
This can be done automatically by adding this line to /etc/periodic.conf:
daily_rkhunter_update_enable="YES"

You can also run rkhunter as part of the daily security check by
adding this line to /etc/periodic.conf:
daily_rkhunter_check_enable="YES"

Add the flags --quiet --createlogfile --no-verbose-logging to the rkhunter invocation in:
/usr/local/etc/periodic/security/415.rkhunter
so that a log file containing only the relevant output is written.
