Linked by Thom Holwerda on Tue 26th Dec 2006 12:25 UTC, submitted by Ravi
Privacy, Security, Encryption "A rootkit is a collection of tools a hacker installs on a victim computer after gaining initial access. It generally consists of network sniffers, log-cleaning scripts, and trojaned replacements of core system utilities such as ps, netstat, ifconfig, and killall. I know of two programs which aid in detecting whether a rootkit has been installed on your machine. They are Rootkit Hunter and Chkrootkit."
Permalink for comment 196435
RE: rootkit? what rootkit?
by sukru on Wed 27th Dec 2006 03:46 UTC in reply to "rootkit? what rootkit?"

Logwatch comes enabled with RedHat systems (and CentOS). As far as I can tell it does more or less the same thing.

It's modular, easy to configure/extend to your needs. And if you consolidate your log files by using a remote syslog server, you'll have a much more useful output (overview of all your servers coming as a daily mail report).

Ok, to make it similar, here's how the report looks:

################### LogWatch 5.2.2 (06/23/04) ####################
Processing Initiated: Mon Nov 13 04:02:03 2006
Date Range Processed: yesterday
Detail Level of Output: 0
Logfiles for Host:
################################################################

--------------------- pam_unix Begin ------------------------

crond:
Unknown Entries:
session closed for user root: 5 Time(s)
session opened for user root by (uid=0): 5 Time(s)


---------------------- pam_unix End -------------------------


--------------------- sendmail Begin ------------------------



Bytes Transferred: 1488
Messages Sent: 2
Total recipients: 2
---------------------- sendmail End -------------------------



------------------ Disk Space --------------------

/dev/mapper/Server-Root
7.9G 4.6G 3.0G 62% /
/dev/sda1 99M 44M 51M 47% /boot
/dev/mapper/
4.0G 41M 3.7G 2% /home
...

###################### LogWatch End #########################

It's from a backend server (so there are few logins, no attacks and almost no mail processed), I removed some parts, and many modules are not enabled for this system (e.g. no httpd), but it gives a general idea of the capabilities.

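One way to consume the report layout quoted above, as an added example that is not part of the original comment or of Logwatch itself: a small Python parser that splits a Logwatch 5.x text report on its "Begin"/"End" delimiter lines and pulls out the counts under "Unknown Entries", the log lines Logwatch had no rule for and therefore the first ones worth reading in the daily mail. The sample report is constructed to match the quoted layout and the function names are assumed.

```python
# Added example, not code from the original comment or from Logwatch: split a
# Logwatch 5.x report on its Begin/End delimiters and collect "Unknown Entries".
import re

# Constructed sample, trimmed to the layout quoted in the comment.
SAMPLE_REPORT = """\
--------------------- pam_unix Begin ------------------------
crond:
Unknown Entries:
session closed for user root: 5 Time(s)
session opened for user root by (uid=0): 5 Time(s)
---------------------- pam_unix End -------------------------

--------------------- sendmail Begin ------------------------
Bytes Transferred: 1488
Messages Sent: 2
---------------------- sendmail End -------------------------

###################### LogWatch End #########################
"""

SECTION_RE = re.compile(r"^-+ (?P<name>.+?) (?P<edge>Begin|End) -+$")
COUNT_RE = re.compile(r"^(?P<entry>.+?): (?P<n>\d+) Time\(s\)$")

def parse_sections(report):
    """Return {service: [non-blank lines between its Begin/End markers]}."""
    sections, current = {}, None
    for raw in report.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:  # delimiter line: enter the service on Begin, leave it on End
            current = m.group("name") if m.group("edge") == "Begin" else None
            sections.setdefault(m.group("name"), [])
        elif current is not None and line:
            sections[current].append(line)
    return sections

def unknown_entry_counts(section_lines):
    """Counts for lines under 'Unknown Entries:', i.e. log lines Logwatch had
    no rule for; these are the first thing to review in the daily mail."""
    counts, in_unknown = {}, False
    for line in section_lines:
        if line == "Unknown Entries:":
            in_unknown = True
        elif line.endswith(":"):  # a new program sub-heading (e.g. "crond:")
            in_unknown = False
        elif in_unknown and (m := COUNT_RE.match(line)):
            counts[m.group("entry")] = int(m.group("n"))
    return counts
```

Feeding a real report to `parse_sections` works the same way, since only the "---- name Begin/End ----" delimiter lines are used to find section boundaries.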