chkrootkit
chkrootkit is a shell script that examines your system's binaries for rootkit installations. In this case, a rootkit is a software modification, performed on the system, that someone can use to gain administrative access to the server undetected. To install chkrootkit:
- Log into your server as the root user.
- Enter the /root directory using the following command:
cd /root
- Use the following command to download chkrootkit:
wget ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz
- Uncompress the .tar.gz file using the following command:
tar -xvzf chkrootkit.tar.gz
- Enter the new directory using the following command:
cd chkrootkit-0.49
- Begin the chkrootkit installation using the following command:
make sense
At this point, chkrootkit should install successfully on your server. To run chkrootkit, enter the following command:
/root/chkrootkit-0.49/chkrootkit
We strongly recommend that you run chkrootkit often and add a cronjob that runs the command above.
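The recommended cron job could look like the wrapper below, an added example that is not part of the original page or of chkrootkit itself. It assumes positive checks are marked with the word INFECTED; the report directory and the script name /root/chkrootkit-cron.sh are hypothetical.

```shell
#!/bin/sh
# Added example: cron wrapper around the chkrootkit install path used above.
# REPORT_DIR and the wrapper's own file name are hypothetical.
CHKROOTKIT="${CHKROOTKIT:-/root/chkrootkit-0.49/chkrootkit}"
REPORT_DIR="${REPORT_DIR:-/root/chkrootkit-reports}"

# Read chkrootkit output on stdin and print only the positive checks.
# Assumes positives carry the upper-case word INFECTED; clean checks print
# "not infected" or "not found" and are skipped by the case-sensitive match.
# Exit status: 0 if at least one finding was printed, 1 if none.
chkrootkit_findings() {
    grep 'INFECTED'
}

# Run one scan, keep the full report on disk, print findings only.
# Returns 0 = clean, 2 = findings printed, 3 = scan could not run.
run_scan() {
    if [ ! -x "$CHKROOTKIT" ]; then
        echo "chkrootkit not executable at $CHKROOTKIT" >&2
        return 3
    fi
    umask 077                      # reports are readable by root only
    mkdir -p "$REPORT_DIR" || return 3
    report="$REPORT_DIR/scan-$(date +%Y%m%d-%H%M%S).log"
    "$CHKROOTKIT" > "$report" 2>&1
    if chkrootkit_findings < "$report"; then
        echo "Full report: $report"
        return 2
    fi
    return 0
}

# cron mails whatever a job prints, so a clean scan stays silent and a
# flagged one produces a message. Example crontab entry (daily at 03:15):
#   15 3 * * * /root/chkrootkit-cron.sh --run
if [ "${1:-}" = "--run" ]; then
    run_scan
    exit $?
fi
```

A finding is a prompt to investigate, not proof of compromise, so compare the saved full report against earlier runs before acting.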
Modify the Logwatch Configuration File
Logwatch is a customizable log analysis system. It parses your system's log files for a given period of time and creates a report analyzing specified data. Logwatch is already installed on most cPanel & WHM servers.
The Logwatch configuration file is located at: /usr/share/logwatch/default.conf/logwatch.conf
To make the necessary edits, you will need to open the file listed above with your preferred text editor. We recommend changing the following parameters:
- MailTo = [email protected]
- Note: You will need to replace [email protected] in the example above with the email address at which you wish to receive notifications from Logwatch.
- Detail = 5 or Detail = 10
- Note: Changing this parameter allows you to receive more detailed log files. A value of 5 would represent a medium level of detail while a value of 10 would result in a high level of detail.
Make sure to save your changes when you are finished editing this file.
ConfigServer Software
Many of our technical analysts recommend using CSF. CSF is a free product provided by ConfigServer. CSF is a stateful packet inspection (SPI) firewall, login and intrusion detection mechanism, and general security application for Linux servers. For more information about using and installing CSF, you can visit the CSF website.
ConfigServer also provides a free add-on product for cPanel & WHM called ConfigServer Mail Queues (CMQ). The product provides a full-featured interface to cPanel's Exim mail queues from within WHM. For more information about using and installing CMQ, you can visit the CMQ website.