Posts

Showing posts with the label security

chkrootkit - Scan for Rootkits

This guide explains how to find rootkits, worms and Loadable Kernel Modules (LKMs) using chkrootkit. First install the chkrootkit package:

sudo apt-get -y install chkrootkit

Now run the following command to check for infected binaries (it has to run as root because it inspects system binaries, /proc and the network interfaces):

sudo chkrootkit

Because chkrootkit calls the system's own ls, ps, netstat and similar tools, a rootkit that has replaced those binaries can hide from it; on a host you already suspect, point it at known-good copies with the -p option (for example sudo chkrootkit -p /mnt/cleanbin) or scan from a live medium. chkrootkit checks for the following worms, rootkits and LKMs: lrk3, lrk4, lrk5, lrk6 (and variants), Solaris rootkit, FreeBSD rootkit, t0rn (and variants), Ambient's Rootkit (ARK), Ramen Worm, rh[67]-shaper, RSHA, Romanian rootkit, RK17, Lion Worm, Adore Worm, LPD Worm, kenny-rk, Adore LKM, ShitC Worm, Omega Worm, Wormkit Worm, Maniac-RK, dsc-rootkit, Ducoci rootkit, x.c Worm, RST.b trojan, duarawkz, knark LKM, Monkit, Hidrootkit, Bobkit, Pizdakit, t0rn v8.0, Showtee, Optickit, T.R.K, MithRa's Rootkit, George, SucKIT, Scalper, Slapper A, B, C and D, OpenBSD rk v1, Illogic rootkit, SK rootkit, sebek LKM, Romanian rootkit, LOC rootkit, shv4 rootkit, Aquatica rootkit, ZK rootkit, 55808....
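chkrootkit prints one line per test, almost all of them "not infected", "not found" or "nothing found"; the lines worth reading are the ones that say INFECTED, that carry a Warning from chkproc, or that report hidden processes. The script below is an added example (not part of chkrootkit or of the original post) that filters a scan down to those lines so it can be run from cron and only mail you when something trips. The sample output it runs against is constructed for the example, not a real scan result; the chkrootkit_findings and count_findings function names are this example's own.

```shell
#!/bin/sh
# Added example, not chkrootkit's own code: reduce a chkrootkit run to the
# lines that actually flag something.

# Constructed sample of chkrootkit output (not a real scan). "not infected",
# "not found" and "nothing found" are the normal case; "INFECTED", a chkproc
# "Warning" and "process hidden" lines are what a tripped test looks like.
SAMPLE_OUTPUT=$(cat <<'EOF'
ROOTDIR is `/'
Checking `amd'... not found
Checking `basename'... not infected
Checking `ifconfig'... not infected
Checking `ls'... INFECTED
Checking `netstat'... not infected
Searching for sniffer's logs, it may take a while... nothing found
Checking `lkm'... You have     2 process hidden for readdir command
chkproc: Warning: Possible LKM Trojan installed
Checking `sniffer'... lo: not promisc and no packet sniffer sockets
EOF
)

# chkrootkit_findings: reads chkrootkit output on stdin and prints only the
# lines that flag something. The match is case-sensitive on purpose so that
# the routine "not infected" lines are never reported.
chkrootkit_findings() {
    grep -E 'INFECTED|Warning|process hidden'
}

# count_findings: number of flagged lines on stdin (0 for a clean scan).
# "|| true" keeps the exit status 0 when grep finds nothing to count.
count_findings() {
    chkrootkit_findings | grep -c . || true
}

# Run against the constructed sample so the script works without a scan ...
printf '%s\n' "$SAMPLE_OUTPUT" | chkrootkit_findings

# ... and against the real tool when it is installed and we are root.
# With cron, pipe this into mail so a clean scan produces no message.
if [ "$(id -u)" -eq 0 ] && command -v chkrootkit >/dev/null 2>&1; then
    chkrootkit | chkrootkit_findings
fi
```

Treat a hit as a lead, not a verdict: chkproc compares the process list from readdir with the one from ps, so on a busy host a process that starts or exits between the two reads can produce a spurious "process hidden" warning. Re-run the scan and check the flagged binary against the package manager's checksums (for example dpkg -V on Debian-based systems) before rebuilding anything.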

Block Bot Attacks

If you have a machine that is exposed to an external network, there is a good chance that some bot is already probing it, so you need to harden every entry point. fail2ban is a small daemon that watches your authentication logs for failed login attempts and blocks the offending source addresses (by inserting firewall rules) once they exceed the thresholds set in its configuration file.

Installation:

sudo apt-get -y install fail2ban

By default fail2ban bans an address for only 600 seconds. To change this, set the bantime option. Do not edit /etc/fail2ban/jail.conf directly, since package upgrades overwrite it; put your overrides in /etc/fail2ban/jail.local, which takes precedence over jail.conf, and then restart fail2ban with the following command (or sudo systemctl restart fail2ban on systemd hosts):

sudo /etc/init.d/fail2ban restart
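bantime only controls how long a ban lasts; whether a ban happens at all is decided by maxretry (how many failures) and findtime (within how many seconds), which is why a slow, patient bot can slip under a default of 5 failures in 600 seconds. The script below is an added example, not fail2ban's own code or the original post's, that re-implements that counting rule over sshd log lines so you can see what a given maxretry/findtime pair would catch before you commit it to jail.local. The log lines are constructed for the example (not a real capture), the ban_candidates function name is this example's own, and it assumes all lines fall on the same day because it converts only the HH:MM:SS field to seconds.

```shell
#!/bin/sh
# Added example, not fail2ban's code: apply the "maxretry failures within
# findtime seconds" rule to sshd log lines and print the IPs it would ban.

# Constructed sample of /var/log/auth.log lines (not a real capture).
# 203.0.113.7 fails five times in 24 seconds; 198.51.100.4 fails five times
# spread over 100 minutes and also has one successful key login.
SAMPLE_LOG=$(cat <<'EOF'
Mar  3 10:00:01 host sshd[1201]: Failed password for root from 203.0.113.7 port 51122 ssh2
Mar  3 10:00:05 host sshd[1203]: Failed password for invalid user admin from 203.0.113.7 port 51130 ssh2
Mar  3 10:00:09 host sshd[1205]: Failed password for root from 203.0.113.7 port 51140 ssh2
Mar  3 10:00:12 host sshd[1207]: Accepted publickey for alice from 198.51.100.4 port 40010 ssh2
Mar  3 10:00:20 host sshd[1209]: Failed password for root from 203.0.113.7 port 51150 ssh2
Mar  3 10:00:25 host sshd[1211]: Failed password for root from 203.0.113.7 port 51160 ssh2
Mar  3 10:05:00 host sshd[1300]: Failed password for bob from 198.51.100.4 port 40020 ssh2
Mar  3 10:30:00 host sshd[1301]: Failed password for bob from 198.51.100.4 port 40021 ssh2
Mar  3 10:55:00 host sshd[1302]: Failed password for bob from 198.51.100.4 port 40022 ssh2
Mar  3 11:20:00 host sshd[1303]: Failed password for bob from 198.51.100.4 port 40023 ssh2
Mar  3 11:45:00 host sshd[1304]: Failed password for bob from 198.51.100.4 port 40024 ssh2
EOF
)

# ban_candidates MAXRETRY FINDTIME
# Reads sshd log lines on stdin and prints, once each, every source IP that
# produced MAXRETRY failed logins inside some FINDTIME-second window.
ban_candidates() {
    awk -v maxretry="$1" -v findtime="$2" '
        # Only "Failed password" lines count as failures (fail2ban uses a
        # richer failregex; this covers the common case). Accepted logins
        # and other sshd noise are ignored.
        /sshd\[[0-9]+\]: Failed password for/ {
            ip = ""
            for (i = 1; i <= NF; i++) if ($i == "from") ip = $(i + 1)
            if (ip == "") next
            # HH:MM:SS of the syslog timestamp to seconds since midnight
            # (assumption: all lines are from the same day).
            split($3, t, ":")
            now = t[1] * 3600 + t[2] * 60 + t[3]
            n[ip]++
            hit[ip, n[ip]] = now
            # Sliding window: the most recent maxretry failures for this IP
            # must all fall within findtime seconds of each other.
            if (n[ip] >= maxretry && !banned[ip]) {
                first = hit[ip, n[ip] - maxretry + 1]
                if (now - first <= findtime) {
                    banned[ip] = 1
                    print ip
                }
            }
        }'
}

# Defaults of recent fail2ban releases for the sshd jail: maxretry=5,
# findtime=10m. Only the fast attacker is caught; widen findtime to see
# the slow one appear as well.
printf '%s\n' "$SAMPLE_LOG" | ban_candidates 5 600
```

Once you have settled on values, they go under the jail's own section in /etc/fail2ban/jail.local (for sshd: an [sshd] section with bantime, findtime and maxretry), and fail2ban applies them after a restart. Raising bantime does nothing against an attacker who stays below maxretry inside findtime; for that you lengthen findtime or lower maxretry.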