On my publicly reachable servers I've installed, for security reasons and among some other tools, Rootkit Hunter.
What does rkhunter do?
Rkhunter is much like a virus scanner for a Windows system.
It has definitions to help identify rootkits and reports them. Just like anything, rkhunter isn't 100%, but it weeds out the majority of rootkits. Upon running rkhunter, various system files, conf files, and bin directories are examined. The results are cross-referenced against the known results of infected systems (from the definitions) and compiled into a report. This is where *nix systems really shine: while your OS, and how it's compiled or configured, may vary, the file system layout and configuration are basically the same.
This allows programs like rkhunter to provide results with a fairly small window for error or false positives.
While installing it from the distribution repositories is trivial, fine-tuning the rkhunter.conf file is another matter, since it has to be tailored to the system's configuration so that false-positive warnings are handled. Receiving such warnings periodically, in fact, lowers our attention to the real signals coming from the server.
So it's a good idea to read the README file provided by your distribution's package. On a CentOS 5.8 system of mine you can do that with a simple:
One of the most annoying false-positive warning messages I had to deal with was the one regarding the Nagios NRPE plugin running as an xinetd service.
The solution I found after some googling was to edit the /etc/rkhunter.conf file in this way:
# This setting tells rkhunter where the xinetd configuration
# file is located.
# ^^^ de-commented by me $INSERT-DATE
# ^^^ added by me $INSERT-DATE
This has solved the issue and I got no more warnings about it!
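The tailoring step described above, as an added example that is neither part of the original post nor rkhunter's own code: it edits an rkhunter.conf-style file so that the xinetd check keeps running but one known service is allowed. XINETD_CONF_PATH and XINETD_ALLOWED_SVC are real rkhunter.conf keys; the service name "nrpe", the helper names, and the sample file contents are assumptions constructed for the demo.

```sh
#!/bin/sh
# Added example, not from the original post: narrowly whitelist one known
# xinetd service in an rkhunter.conf-style file instead of silencing the
# whole xinetd check. XINETD_CONF_PATH and XINETD_ALLOWED_SVC are real
# rkhunter.conf keys; the service name "nrpe" and the sample file below
# are assumptions constructed for this demo.
set -eu

# Write a constructed sample config to a temp dir and print its path.
make_sample_conf() {
    tmpdir=$(mktemp -d)
    conf="$tmpdir/rkhunter.conf"
    cat > "$conf" <<'EOF'
# This setting tells rkhunter where the xinetd configuration
# file is located.
#XINETD_CONF_PATH=/etc/xinetd.conf

# This setting tells rkhunter which xinetd services are allowed
# to be enabled.
#XINETD_ALLOWED_SVC=
EOF
    printf '%s\n' "$conf"
}

# set_conf_key FILE KEY VALUE: replace an existing "KEY=" line in place
# (commented out or not), keeping the explanatory comment block above it,
# or append the line if the key is absent. Safe to run repeatedly.
set_conf_key() {
    conf=$1; key=$2; value=$3
    if grep -q "^#\{0,1\}${key}=" "$conf"; then
        sed "s|^#\{0,1\}${key}=.*|${key}=${value}|" "$conf" > "$conf.tmp"
        mv "$conf.tmp" "$conf"
    else
        printf '%s=%s\n' "$key" "$value" >> "$conf"
    fi
}

# get_conf_value FILE KEY: print the active (uncommented) value of KEY,
# last occurrence wins; prints nothing if the key is unset.
get_conf_value() {
    conf=$1; key=$2
    sed -n "s|^${key}=||p" "$conf" | tail -n 1
}

# tailor_for_nrpe FILE: point rkhunter at the xinetd config and allow only
# the NRPE service, so any other xinetd service that appears still warns.
tailor_for_nrpe() {
    conf=$1
    set_conf_key "$conf" XINETD_CONF_PATH /etc/xinetd.conf
    set_conf_key "$conf" XINETD_ALLOWED_SVC nrpe
}

# Demo run: tailor the constructed file twice to show the edit is idempotent.
demo_conf=$(make_sample_conf)
tailor_for_nrpe "$demo_conf"
tailor_for_nrpe "$demo_conf"
grep '^XINETD_' "$demo_conf"
```

The point of allowing a single named service, rather than switching the xinetd check off, is that rkhunter will still warn if a second, unexpected service shows up in xinetd later. A real rkhunter.conf ships several commented example lines for the same key, so inspect the file with `grep -n XINETD_ rkhunter.conf` before running a blanket replace like the one above; afterwards, `rkhunter --config-check` validates the edited file, and `rkhunter --propupd` refreshes the file-property baseline if you also changed monitored binaries.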
Reading a Mac mailing list I found a subscriber who asked how to prevent access to the Mail.app application (and so to its data) on an iMac shared with four other people at a front desk in an art gallery.
Another user suggested to him the use of MacAppBlocker, from KnewSense Software:
With Mac App Blocker, you can password-protect EACH application on your Mac. Keep your apps and your Mac safe. Set a timeout value to automatically exit the protected application so even when you leave your computer unattended, you’re still protected.
Personally I’ve never been in a situation needing a solution like this one, but I’ve thought about writing down a note on this since one can never know what the future needs will be ;-)
Written by two Debian developers — Raphaël Hertzog and Roland Mas — the Debian Administrator’s Handbook started as a translation of their French best-seller known as Cahier de l’admin Debian (published by Eyrolles).
It’s a fantastic resource for all users of a Debian-based distribution.
Accessible to all, this book teaches the essentials to anyone who wants to become an effective and independent Debian GNU/Linux administrator.
Given that traditional editors did not want to take the risk to make this translation, we decided to do the translation ourselves and to self-publish the result. After a successful crowdfunding campaign, we managed to complete this translation between December 2011 and May 2012.
To live up to our free software ideals, we wanted the book to be freely available (that is under the terms of a license compatible with the Debian Free Software Guidelines of course). There was a condition though: a liberation fund had to be completed to ensure we had a decent compensation for the work that the book represents. This fund reached its target of €25K in April 2012.
Yesterday I was reading some friends' RSS feeds when I found this nice resource for us little geeks on the topic of server rack mounting and management. If you too are into this world, don't miss the chance to bookmark/follow these guys!
It’s been a hard day’s night, and I’ve been working like a dog
It's been a hard day's night, I should be sleeping like a log (The Beatles)
If you didn't hear from me, or saw some of our websites going down, now you can safely guess why …
Are you a power-user with 5 minutes to spare? Do you want a faster internet experience?
Try out namebench. It hunts down the fastest DNS servers available for your computer to use. namebench runs a fair and thorough benchmark using your web browser history, tcpdump output, or standardized datasets in order to provide an individualized recommendation. namebench is completely free and does not modify your system in any way. This project began as a 20% project at Google.
namebench runs on Mac OS X, Windows, and UNIX, and is available with a graphical user interface as well as a command-line interface.