If root kit software has been installed, it may mean that a vulnerability somewhere has been exploited. It also means that software you don't want is running on your system. Knowing about Rootkit Hunter is useful because it lets you scan systems for root kits. You may want to spend time running this program on any system you have run scanners against and found vulnerabilities on, since those vulnerabilities may be an indication that the system has been compromised. Running Rootkit Hunter allows you to determine whether root kits are installed on your system.

The name of the executable is rkhunter, and it's easy to run, though it's not installed in a default build of the current Kali Linux distribution. rkhunter runs checks to determine whether root kits have been installed. To start with, it runs checks on file permissions, a sample of which you can see in Example 4-5. Beyond that, rkhunter does pattern searches for signatures of what known root kits look like. Just like most antivirus programs, rkhunter can't find what it doesn't know about. It looks for anomalies, such as incorrect file permissions, and for files that it knows about from known root kits. Root kits it doesn't know about won't be detected.
Example 4-5. Running Rootkit Hunter

    root@rosebud:~# rkhunter --check
    [ Rootkit Hunter version 1.4.4 ]

    Checking system commands...

      Performing 'strings' command checks
        Checking 'strings' command                            [ OK ]

      Performing 'shared libraries' checks
        Checking for preloading variables                     [ None found ]
        Checking for preloaded libraries                      [ None found ]
        Checking LD_LIBRARY_PATH variable                     [ Not found ]

      Performing file properties checks
        Checking for prerequisites                            [ OK ]
        /usr/sbin/adduser                                     [ OK ]
        /usr/sbin/chroot                                      [ OK ]
        /usr/sbin/cron                                        [ OK ]
        /usr/sbin/groupadd                                    [ OK ]
        /usr/sbin/groupdel                                    [ OK ]
        /usr/sbin/groupmod                                    [ OK ]
        /usr/sbin/grpck                                       [ OK ]
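To make the "shared libraries" and "file properties" checks in Example 4-5 concrete, here is a small stand-alone Python re-implementation of the same two ideas (added example code, not rkhunter's own source): it flags preloading variables and entries in an ld.so.preload-style file, and it compares the mode, owner and SHA-256 of each baselined binary against a snapshot taken while the system was believed clean. The demo() function builds a constructed temporary directory with a fake adduser binary; the preload file path, library names and environment it uses are made up for the demonstration.

```python
import hashlib
import os
import stat
import tempfile
from pathlib import Path

PRELOAD_VARS = ("LD_PRELOAD", "LD_LIBRARY_PATH", "LD_AUDIT")  # inject a library into every process

def check_preload(env, preload_file):
    """Mirror rkhunter's 'preloading variables' and 'preloaded libraries' checks."""
    warnings = [f"preloading variable set: {v}={env[v]}" for v in PRELOAD_VARS if env.get(v)]
    path = Path(preload_file)  # normally /etc/ld.so.preload; parameterised so it runs anywhere
    if path.is_file():
        for line in path.read_text().splitlines():
            if line.strip() and not line.lstrip().startswith("#"):
                warnings.append(f"preloaded library: {line.strip()}")
    return warnings

def file_properties(path):
    """Mode, owner and content hash: the kind of properties rkhunter records per binary."""
    st = os.lstat(path)
    return {"mode": stat.S_IMODE(st.st_mode), "uid": st.st_uid,
            "sha256": hashlib.sha256(Path(path).read_bytes()).hexdigest()}

def check_file_properties(baseline):
    """Compare each binary to a baseline taken while the system was believed clean.
    Returns {path: [changed property names]}; a deleted binary reports ['missing']."""
    findings = {}
    for path, expected in baseline.items():
        if not os.path.exists(path):
            findings[path] = ["missing"]
            continue
        current = file_properties(path)
        changed = [k for k in expected if current[k] != expected[k]]
        if changed:
            findings[path] = changed
    return findings

def demo():
    """Constructed scenario in a temp dir: baseline a fake 'adduser', then replace it."""
    root = tempfile.mkdtemp()
    binary = os.path.join(root, "adduser")
    Path(binary).write_text("#!/bin/sh\necho real\n")
    os.chmod(binary, 0o755)
    baseline = {binary: file_properties(binary)}
    Path(binary).write_text("#!/bin/sh\necho replaced\n")  # contents swapped out
    os.chmod(binary, 0o777)                                 # and made world-writable
    preload = os.path.join(root, "ld.so.preload")
    Path(preload).write_text("/lib/libnotreal.so\n")        # constructed preload entry
    return check_preload({"LD_PRELOAD": "/tmp/libnotreal.so"}, preload), check_file_properties(baseline)
```

Like rkhunter, this only catches what it has a baseline or a pattern for: a binary replaced before the baseline was taken, or a root kit that hides from lstat() in the kernel, will pass both checks.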
As with lynis, this is a software package; you would need to install Rootkit Hunter on a system that you were auditing. If you are doing a lot of work with testing and exploits on your Kali instance, it's not a bad idea to keep checking your own system. Any time you run software from a source you don't necessarily trust completely,