Rkhunter Installation

Rkhunter is a tool used to check trojans, rootkits, and other security problems.
Here are the installation steps:-

root@server1 [~]#wget http://downloads.rootkit.nl/rkhunter-1.2.7.tar.gz
root@server1 [~]#tar -zxvf rkhunter-1.2.7.tar.gz
root@server1 [~]#cd rkhunter-1.2.7
root@server1 [~]#./installer.sh

You can scan the server by using the following command:-

root@server1 [~]#/usr/local/bin/rkhunter -c

You can update the rkhunter database by issuing the following command:-

root@server1 [~]#rkhunter –update

Chrootkit Installation

Chrootkit is a tool used for scanning the trojans in the server.

Here are the installation steps:-

1) Download the source package

root@server1 [~]#wget ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz

2)Check the MD5 SUM of the download for security.

root@server1 [~]#ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.md5
root@server1 [~]#md5sum chkrootkit.tar.gz

3) Extract the source file and install it.

root@server1 [~]#tar xvzf chkrootkit.tar.gz
root@server1 [~]#cd chkrootkit*
root@server1 [~]#make sense

4) Scan the server.

root@server1 [~]#./chkrootkit

Image Source: Kannada Prabha

Owner of LxLabs, K T Ligesh (32) , passed away at his residence in Bangalore last night. Initial reports state that he committed suicide. As per the news-reports, it appears that Ligesh , who was a guitarist as well, was going through a difficult time personally.

LxLabs is the creator of HyperVM – optimized virtualization technology which runs on both Xen and OpenVZ, “Host In a Box” solution - LxAdmin/Kloxo for Web hosting companies, server owners, resellers etc. Recently, there have been some serious  vulnerability reports concerning their software.

Ligesh was an exceptional software engineer, and the mastermind behind all the well known software products his company produced. His stellar engineering talent is evident in the way he created innovative software products that were quick to rise in popularity and adoption within the industry, capturing the imagination of thousands of industry watchers. InstaCarma and its Directors shared a cordial relationship with Ligesh. His brilliance and intelligence always shone through in all our interactions with him.

Details regarding who will take over the operations of the company or the development/maintenance of the software is not available at the moment. Also, it is not known what the server owners who use LxLabs’ software should do in the wake of this news. While further updates are awaited, Ligesh is in our thoughts and prayers . May his soul rest in peace!

Nessus is one of the best vulnerability scanning tool available today. It is available free of cost for personal use. It can detect potential vulnerabilities in an individual system or a network.

In the Unix/Linux environment,  Nessus consists of two parts :-

nessusd – It is the daemon which does the scanning.
Nessus  – the client which controls the scanning and provides the report to the user.

Source and guidelines for the installation is available on the official Nessus website – www.nessus.org

Once you are done with the installation you need to make sure that the nessusd daemon is up and running. After that an user needs to be added. This can be done using the command ‘nessus-adduser’ (of course, without the quotes).
The figure below explains it quite well:

Adding an user

This user will be able to login to the client and run the scan.

Then you can start the client by entering the command ‘nessus’ through the console.
You will be presented with an interface like in figure 2 .

This screen shot was taken while we were running a scan for one of our clients.

Figure 2

You just need to fill in the fields and click ‘Log in’

Please note that you might have to update the plugins and for that you need to get your scanner registered online. The process takes just a couple of minutes and the instructions are available at http://www.nessus.org/plugins/index.php?view=register-info

Then you need to click on the tab ‘Plugins’

Figure 3

Enable all the plugins as shown above in figure 3. If you do not enable the required plugins then the scan will not return the desired results.

Certain plugins might cause freezing of the network from which you are running the scan . So, make sure  you have the system administrators ready in case you run into any trouble.

Now, you need to mention the ‘target’ machine on which the scan is going to be run.  Please refer to figure 4 below :

Figure 4

Now, you can go ahead and ‘Start the scan’ . You can see the progress of the scan on your screen as shown in figure 5.

Figure 5

Once the scan is completed, you will be presented  with a report as the one given below in figure 6.

Figure 6

This report can be exported to html or pdf format also.

For reference, I am pasting parts of the pdf that we got after scanning the client server.

The above part depicts the summary of the scan on the whole.

The one below shows the part which explains one of the vulnerability and the suggested solution.

Likewise, you will get a detailed report about the potential problems and the suggested fixes.
If all the vulnerabilities are fixed then the server is most likely to achieve PCI compliance.

I hope this article would be helpful for some people out here. If you have any further queries then do get back to us. We would be happy to help you.