What is a rootkit?


A rootkit is a:

  • Set of software tools
  • Used by an intruder
  • Installed by an intruder after gaining access to a computer system
  • Used to hide from the user:
      • Logins
      • Other processes
      • Files, logs, etc.

Rootkits exist for a variety of operating systems such as Linux, Solaris and versions of Microsoft Windows. A computer with a rootkit on it is called a rooted computer.

Why is it possible to create symbolic links across file system boundaries?


Symbolic links link by pathname rather than by inode number. Each pathname is unique on a system, whereas an inode number is only unique within a single file system (which is why hard links, which reference inode numbers, cannot cross file system boundaries). Because of this, it is possible to create symbolic links across file system boundaries. Try creating a symbolic link with the following commands:

$ touch /home/you/file1
$ ln -s /home/you/file1 /tmp/file2

Find out the inode numbers of both file1 and file2:

# ls -i /home/you/file1

1567789

# ls -i /tmp/file2

1567795
As you can see, the inode numbers are unique to each file, so it is possible to create symbolic links across file system boundaries. Please note that in the above example /tmp and /home are on two different file systems.


Howto: Prevent root user from being able to log in via SSH service


Securing the root account is one of the main tasks. Most systems have a password assigned to the root account. The first thing you should do is assume that the password is always compromised. This does not mean that you should remove the password; the password is almost always necessary for console access to the machine. What it does mean is that you should not make it possible to use the password outside of the console. Direct root logins should only be allowed via the system console.

1) Login as a root user

2) Open /etc/ssh/sshd_config file
# vi /etc/ssh/sshd_config

3) Edit the SSH server configuration: find the following line and change it from:
PermitRootLogin yes

Change it to:
PermitRootLogin no

4) Save the changes

5) Restart sshd service
# /etc/init.d/sshd restart

The option PermitRootLogin specifies whether root can log in using ssh.
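The steps above only work if the edited line is the one sshd actually applies. As an added example (not from the original article), this POSIX shell audit reads a given sshd_config and reports the PermitRootLogin value sshd will use, taking into account that sshd honours only the first occurrence of a keyword and that everything after a Match line is conditional; the sample config it writes is constructed, and the function names are my own.

```shell
#!/bin/sh
# Report the PermitRootLogin value sshd will actually use, read from the
# sshd_config path given as $1. Parsing rules that matter here:
#   - '#' comment lines and blank lines are ignored
#   - keywords are case-insensitive, followed by whitespace or a single '='
#   - the FIRST occurrence of a keyword wins; later duplicates are ignored
#   - everything after the first 'Match' line is conditional, not global
# Prints the value, or "unset" when the file never sets it globally.
# (Include directives are not followed; audit included files separately.)
sshd_root_login_setting() {
  awk '
    { sub(/^[ \t]+/, "") }                # strip leading whitespace
    /^#/ || /^$/ { next }                 # skip comments and blank lines
    {
      line = $0
      sub(/[ \t]*=[ \t]*/, " ", line)    # Keyword=value -> Keyword value
      n = split(line, f, "[ \t]+")
      key = tolower(f[1])
      if (key == "match") exit            # global section ends here
      if (key == "permitrootlogin" && n >= 2) { found = f[2]; exit }
    }
    END { print (found == "" ? "unset" : found) }
  ' "$1"
}

# Returns 0 when root SSH logins are disabled ("no"), 1 otherwise. "unset"
# counts as a finding: the built-in default depends on the OpenSSH version
# (yes before 7.0, prohibit-password since), so the setting should be explicit.
audit_root_ssh_login() {
  value=$(sshd_root_login_setting "$1")
  if [ "$value" = "no" ]; then
    echo "OK: PermitRootLogin no is the first global occurrence in $1"
    return 0
  fi
  echo "FINDING: effective PermitRootLogin is '$value' in $1; set it to no"
  return 1
}

# Constructed sample (not a real system file) showing the duplicate-keyword
# trap: the "no" appended at the bottom is ignored because "yes" comes first.
write_sample_sshd_config() {
  printf '%s\n' '# constructed sshd_config excerpt' 'Port 22' \
    'permitrootlogin yes' 'PasswordAuthentication yes' \
    'PermitRootLogin no' > "$1"
}

sample=$(mktemp)
write_sample_sshd_config "$sample"
audit_root_ssh_login "$sample" || :   # '|| :' keeps a finding from aborting under set -e
rm -f "$sample"
```

Run it against /etc/ssh/sshd_config after step 4 and before restarting; `sshd -T | grep -i permitrootlogin` shows the same effective value from the daemon's own parser.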

How can I find out if my Ethernet card (NIC) is being recognized or not?


The Ethernet card is the lifeline of any Linux server. If you need to find out whether your Ethernet card is being recognized, use the dmesg, ifconfig, or netstat command. The ifconfig command can be used to configure a network interface card as well as to display information about it. If you want to find out the NIC's Ethernet chipset, use the lspci command (see below for an example).

# /sbin/ifconfig

Output:

eth0      Link encap:Ethernet  HWaddr 00:0F:EA:91:04:07
    inet addr:192.168.1.2  Bcast:192.168.1.255  Mask:255.255.255.0
    inet6 addr: fe80::20f:eaff:fe91:407/64 Scope:Link
    UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
    RX packets:64874 errors:0 dropped:0 overruns:0 frame:0
    TX packets:65189 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:1000
    RX bytes:50448703 (48.1 MiB)  TX bytes:13648924 (13.0 MiB)
    Interrupt:18 Base address:0xc000

Note: if the output lists eth0, your card is being recognized.
The dmesg program prints the kernel's boot messages. On Debian Linux they are also stored in /var/log/dmesg:
# grep -i eth0 /var/log/dmesg

Output:

eth0: RealTek RTL8139 at 0xc000, 00:0f:ea:91:04:07, IRQ 18
eth0:  Identified 8139 chip type 'RTL-8100B/8139D'
eth0: link up, 100Mbps, full-duplex, lpa 0x45E1

OR

# dmesg | grep -i eth0

Display a table of all network interfaces:
# netstat -i

Output:

Iface   MTU Met   RX-OK RX-ERR RX-DRP RX-OVR    TX-OK TX-ERR TX-DRP TX-OVR Flg
eth0   1500 0     64858      0      0      0    65172      0      0      0 BMRU
eth0:  1500 0       - no statistics available -                            BMRU
lo    16436 0      8133      0      0      0     8133      0      0      0 LRU

Find out NIC chipset
For further troubleshooting of your Ethernet card (NIC) I recommend using the lspci command. lspci is a utility for displaying information about all PCI buses in the system and all devices connected to them.
# lspci | less
OR
# lspci | grep Ethernet

Output:

0000:01:05.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL-8139/8139C/8139C+ (rev 10)

In the above example I have a "Realtek Semiconductor" NIC with an RTL-8139/8139C/8139C+ chipset.