sophos rootkit
chkrootkit 0.48
Open source tool to check for signs of a rootkit on your Mac more>> Open source tool to check for signs of a rootkit on your Mac
chkrootkit is a free and open source security tool to locally check for signs of a rootkit.
chkrootkit has been tested on: Mac OS X, Linux 2.0.x, 2.2.x, 2.4.x and 2.6.x, FreeBSD 2.2.x, 3.x, 4.x and 5.x, NetBSD 1.6.x, OpenBSD 2.x, 3.x and 4.x., Solaris 2.5.1, 2.6, 8.0 and 9.0, HP-UX 11, Tru64, and BSDI.
chkrootkit comes with the following tools:
- chkrootkit: shell script that checks system binaries for rootkit modification.
- ifpromisc.c: checks if the interface is in promiscuous mode.
- chklastlog.c: checks for lastlog deletions.
- chkwtmp.c: checks for wtmp deletions.
- check_wtmpx.c: checks for wtmpx deletions. (Solaris only)
- chkproc.c: checks for signs of LKM trojans.
- chkdirs.c: checks for signs of LKM trojans.
- strings.c: quick and dirty strings replacement.
- chkutmp.c: checks for utmp deletions.
Enhancements
- new tests: common SSH brute force scanners, suspicious PHP files
- enhanced tests: login, netstat, top, backdoor
- some minor bug fixes
OS X Rootkit Hunter 0.1
OS X Rootkit Hunter - Scans OS for rootkits & other vulnerabilities more>>
OS X Rootkit Hunter is scanning tool to detect nasty tools on your Mac. This tool scans for rootkits, backdoors and local exploits by running tests like:
- MD5 hash compare
- Look for default files used by rootkits
- Wrong file permissions for binaries
- Look for suspected strings in LKM and KLD modules
- Look for hidden files
- Optional scan within plaintext and binary files
*not yet tested on intel MACs.
Sophos Anti-Virus 7.0.5
Sophos Anti-Virus 7.0.5, which is known as a part of Sophos Endpoint Security and Data Protection can help you protect both Intel-based and PowerPC-based Macintosh servers, desktops and laptops. more>> <<less
Network-centric virus protection softwareRootkit Hunter 1.3.4
Scanning tool to ensure you that youre clean of nasty tools more>> Scanning tool to ensure you that youre clean of nasty tools
Rootkit Hunter is a free and open source tool that scans your system for backdoors, rootkits, and local exploits by running tests like:
- MD5 hash compare
- Look for default files used by rootkits
- Wrong file permissions for binaries
- Look for suspected strings in LKM and KLD modules
- Look for hidden files
- Optional scan within plaintext and binary files
Enhancements
New:
- Added IntoXonia-NG rootkit check.
- Added Vampire rootkit check.
- Added support for TCB shadow files.
- Added Phalanx2 rootkit check.
Changes:
- The MAIL-ON-WARNING option must now exist in the configuration file. This avoids it being accidentally misspelt, and rkhunter then not notifying the user of any warnings.
- The DBDIR directory can now be read-only, after installation, provided that neither of the --propupd or --update options are specified, and that the --versioncheck option is not specified if ROTATE_MIRRORS is set to 1 in the configuration file.
- Renamed the cron job file created by the RPM spec file from 01-rkhunter to rkhunter. This will then run rkhunter after a prelink cron job (if one exists), and avoid some of the run prelink errors.
- The system startup file and directory tests have now been merged. The configuration file options LOCAL_RC_PATH and SYSTEM_RC_DIR have been replaced by the STARTUP_PATHS option, but, for compatability, they will still be recognised.
- The ALLOWPROCDELFILE configuration option, used to whitelist specific processes from the deleted files test, can now be followed by a colon-separated list of pathnames. The given process will then only be whitelisted if it is using one of the given pathnames.
- The --propupd option can now take an optional file, directory or package name after it. The argument can be a list of names. When used, then only the given file names will be updated in the rkhunter.dat file. Hopefully this will make things a bit quicker on slower machines. See the man page for more details. If using a package manager, then you must run rkhunter --propupd first.
- The Linux os_specific test has now been split into two separate tests - loaded_modules and avail_modules. The tests, however, are the same as before, they check the currently loaded kernel modules and the names of the available modules. A new configuration file option has been added, called MODULES_DIR, so that users can specify which directory, and sub-directories, are checked for bad module names, should rkhunter be unable to work out the correct location.
- The pathname of the debug file, if used, is now written to the log file.
Bugfixes:
- Cater for when ROOTDIR is explicitly set to /.
- Added an infinite loop check to the readlink.sh supplied scriptonly 64 levels of symbolic links are allowed now. Also cater better for top-level names and links, and file names with spaces.
- Improved the rsyslog remote logging check.
- The wrong error message was shown if the English (en) language file was missing.
- The hidden files and directories check wasnt checking for directories!
- Improved the O/S name detection. Previously the lsb-release file would have preference to any other file. This could result in some gibberish being given as the O/S name, rather than continuing to look for other release files. This has now been fixed.
- The tests against the SSH configuration file now accept the key/value pair to be separated by an equals sign as well as spaces and/or tabs.
- The file properties inode check did not work correctly when used on non-prelinked systems with the RPM package manager. The test is now only performed when prelinking is not being used, and the inode data is always obtained from the disk. This is a partial fix, as the test should run for scripts regardless of whether prelinking is used or not.
- The debug file is now created with a random name, and the file permissions are set to 600.
Rootkit Hunter 0.1 is a convenient and smart software which is developed on the ... "rootkit hunter" but it has been editted for easier/better utilization on Mac OS X. OS X Rootkit- Page: 1 of 1
- 1
