Rootkit found on my Centos server

Moderator: jkerr82508

viking60
Über-Berserk
Posts: 9273
Joined: 14 Mar 2010, 16:34

Post by viking60 » 19 Aug 2016, 14:33

I did a scan with Rkhunter on my CentOS server and it came up with a possible rootkit find:

Code:

Rootkit checks...
Rootkits checked : 368
Possible rootkits: 1
Rootkit names    : Lite5-r Rootkit

So I checked the logs:

Code:

cat /var/log/rkhunter/rkhunter.log |grep 'Lite5-r Rootkit'


And it came up with

Code:

Found file '/tmp/.bash_history'. Possible rootkit: Lite5-r Rootkit


I cannot find that this is a false positive on the net.
The file /tmp/.bash_history contains:

Code:

passwd
exit


Help!
Manjaro 64bit on the main box -Intel(R) Core(TM) i7 CPU 920 @ 2.67GHz and nVidia Corporation GT200b [GeForce GTX 275] (rev a1. + Centos on the server - Arch on the laptop.
"There are no stupid questions - Only stupid answers!"

viking60
Über-Berserk
Posts: 9273
Joined: 14 Mar 2010, 16:34

Re: Rootkit found on my Centos server

Post by viking60 » 19 Aug 2016, 14:58

Well, I simply deleted the file - Berserk style

Code:

rm /tmp/.bash_history


And checked again with rkhunter; this time it did not find anything. I guess that kind of solves the issue (but rootkit issues often mean reinstalling the OS).
The history seems to work just fine.
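Added example, not part of the original posts and not rkhunter's own tooling: a small shell script that pulls the flagged paths out of rkhunter log lines like the one quoted above and records each file's owner, mode, mtime and SHA-256, plus a copy, before anything is deleted. It assumes GNU coreutils; the function names, the evidence directory and the demo log line are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes GNU coreutils (stat -c, sha256sum).
# Function names and the evidence directory layout are hypothetical.

# Print "path<TAB>rootkit name" for every "Found file" line in an rkhunter log
# (line format as quoted in the thread; any timestamp prefix is ignored).
flagged_files() {
    tab=$(printf '\t')
    sed -n "s/.*Found file '\(.*\)'\. Possible rootkit: \(.*\)\$/\1${tab}\2/p" "$1"
}

# Record owner, mode, mtime and SHA-256 of one file, then copy it (keeping
# timestamps) into the evidence directory under its hash.
preserve_file() {
    file=$1; evidence=$2
    [ -f "$file" ] || { echo "missing (already deleted?): $file" >&2; return 1; }
    sum=$(sha256sum "$file" | cut -d' ' -f1)
    meta=$(stat -c 'owner=%U mode=%a mtime=%y' "$file")
    cp -p "$file" "$evidence/$sum" || return 1
    printf '%s\tsha256=%s\t%s\n' "$file" "$sum" "$meta" >> "$evidence/manifest.txt"
}

# Preserve every flagged file named in the log. Returns 1 if any was missing.
triage_log() {
    log=$1; evidence=$2; rc=0
    mkdir -p "$evidence" && chmod 700 "$evidence" || return 1
    flagged_files "$log" > "$evidence/flagged.tsv"
    while IFS=$(printf '\t') read -r path name; do
        echo "rkhunter flagged $path as $name"
        preserve_file "$path" "$evidence" || rc=1
    done < "$evidence/flagged.tsv"
    return $rc
}

# Constructed demo: a throwaway directory stands in for /tmp and for the log;
# the timestamp prefix on the log line is made up.
demo() {
    d=$(mktemp -d) || return 1
    printf 'passwd\nexit\n' > "$d/.bash_history"
    echo "[14:33:01] Found file '$d/.bash_history'. Possible rootkit: Lite5-r Rootkit" > "$d/rk.log"
    triage_log "$d/rk.log" "$d/evidence" && cat "$d/evidence/manifest.txt"
}

# Real use: sh triage.sh /var/log/rkhunter/rkhunter.log /root/rkhunter-evidence
if [ "$#" -eq 2 ]; then triage_log "$1" "$2"; else demo; fi
```

The owner and mtime in the manifest show which account wrote the file and when, which is the information lost once the file is removed.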

R_Head
Berserk
Posts: 2558
Joined: 17 Mar 2010, 15:40

Re: Rootkit found on my Centos server

Post by R_Head » 19 Aug 2016, 18:22

Interesting... I believe that I can use the same commands on my Mageia 5 PC?

viking60
Über-Berserk
Posts: 9273
Joined: 14 Mar 2010, 16:34

Re: Rootkit found on my Centos server

Post by viking60 » 20 Aug 2016, 06:40

Sure! If you have installed Rkhunter.
The command would be:

Code:

sudo rkhunter -c

to scan your box for nasty stuff.
