Using unhide with rkhunter
Unhide is a program that detects hidden processes on your system. It is a good complement to rkhunter (a rootkit scanner for Linux and Unix). Rkhunter will make use of unhide if you have unhide installed on your system. Here is a short tutorial on how to set it up (I assume you already have rkhunter installed and configured, and are familiar with its use):
1. Download unhide and unpack in a temporary directory.
2. If you are using Linux with a 2.6 kernel, create the executable by running the command:
gcc -Wall -o unhide unhide-linux26.c
3. If you are running any other kernel, run this command:
gcc -Wall -o unhide unhide.c
4. Copy the executable to a place where rkhunter can find it:
cp unhide /usr/local/bin/
5. Rerun rkhunter --propupd so that the newly installed unhide does not trigger a warning in rkhunter.
6. That's it! The next time you run rkhunter, it will discover and make use of unhide.
30.09.2007. 13:28
How do I use .htaccess to block or drop an IP address that is attacking my server?
If you want to deny access to a specific IP address, you can add the following to the .htaccess file in the root directory of your web site:
order allow,deny
deny from 64.38.244.72
allow from all
This example shows how to deny access to the IP address 64.38.244.72.
How do I use iptables to block or drop an IP address that is attacking my server?
If you want to block access to your Linux server, you can use iptables. iptables comes standard with almost all Linux distributions. You have to log in and su to root.
In this example, the attacking IP is 64.38.244.72:
Type the command "iptables -A INPUT -s 64.38.244.72/32 -j DROP"
If you want to block access to a single port from an IP:
Type the command "iptables -A INPUT -s 64.38.244.72/32 -p tcp --destination-port 80 -j DROP"
This will drop all packets from 64.38.244.72/32 to port 80 (http) on the server.
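The two iptables commands above, wrapped as an added example that is not part of the original post: it validates the address, skips the insert when an identical rule already exists, and puts the rule at the top of INPUT so an earlier ACCEPT rule cannot match first. The names valid_ipv4, block_ip and the IPTABLES variable are this example's own.

```shell
#!/bin/sh
# Added example: idempotent DROP rule for one IPv4 source (not from the original post).
# IPTABLES is this example's own variable so the binary can be swapped out.
IPTABLES="${IPTABLES:-iptables}"

# valid_ipv4 ADDRESS: return 0 only for a dotted quad with octets 0..255.
valid_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1          # split the address on dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# block_ip ADDRESS [PORT]: drop all traffic from ADDRESS, or only TCP to PORT.
# Returns 0 = rule inserted, 1 = invalid input, 3 = rule already present.
block_ip() {
    ip=$1
    port=${2:-}
    valid_ipv4 "$ip" || { echo "invalid IPv4 address: $ip" >&2; return 1; }
    if [ -n "$port" ]; then
        case "$port" in
            *[!0-9]*) echo "invalid port: $port" >&2; return 1 ;;
        esac
        [ "${#port}" -le 5 ] && [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || return 1
        set -- -s "$ip/32" -p tcp --destination-port "$port" -j DROP
    else
        set -- -s "$ip/32" -j DROP
    fi
    # -C tests for an identical rule, so repeated runs do not stack duplicates.
    if "$IPTABLES" -C INPUT "$@" 2>/dev/null; then
        return 3
    fi
    # -I INPUT 1 places the rule first. -A appends, and an ACCEPT rule
    # earlier in the chain would match the packet before the DROP is reached.
    "$IPTABLES" -I INPUT 1 "$@"
}

# Usage (as root): block_ip 64.38.244.72      or      block_ip 64.38.244.72 80
```

Rules added this way exist only in the running kernel and are gone after a reboot unless they are saved, for example with iptables-save.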