Message-ID: <3FE64F44.7060704@onryou.com>
From: lists at onryou.com (Cael Abal)
Subject: Removing ShKit Root Kit

Chris wrote:
 > Can anyone recommend some links or useful information for removing
 > the "ShKit Rootkit"? CHKROOTKIT detected this thing on a RedHat
 > 8.0 server owned by a client of mine.
 >
 > "Searching for ShKit rootkit default files and dirs... Possible
 > ShKit rootkit installed" <== chkrootkit output
 >
 > I have only read limited information on this rootkit from a
 > honeypot report where it was used, no cleaning information. I've
 > googled a bunch of times; don't go out of your way to answer this,
 > the box will be redone anyway. I'm just curious to find out what
 > this rootkit is about, not even packetstorm has a copy to look at
 > :)

Hi Chris,

The only real way to recover from a rooted machine is a complete
wipe and reinstall, regardless of the rootkit.  I definitely
wouldn't recommend trying to 'clean' a server, especially using some
third-party tool.

I know this isn't what you're looking for (and I'm sure you're aware
of the pitfalls associated with trying to secure a rooted box) --
this is more of a heads-up to those just getting their infosec feet
wet.  I'm imagining hordes of kids out there think that re-securing
a rooted box is just a matter of clicking the 'Uninstall ro0tkit...'
button.

take care,

Cael
