Saturday, March 1, 2008

HOWTO: Linux/Rst-B Scanning

As much as we all love to rave about how secure *nix installs are, it -is- still possible to get infected by the one or two variants of malware out there. Some admins (myself included at points) get lulled into a sense of security knowing that we've got billions of Windows machines acting as human shields to protect us, but we do need to take steps to make sure we don't become part of the botnet brigade.

One piece of malware, Linux/Rst-B, seems to be the most common (relatively speaking) issue for *nix, and there is a handy tool for detecting it. It comes with a pre-compiled binary for Debian (which works in Ubuntu as well).

We're going to put it in /usr/local/sbin, so that it is on the path for later on:
sudo su -
cd /usr/local/sbin/
wget http://www.sophos.com/support/cleaners/detection_tool.tar.gz
tar xvfz detection_tool.tar.gz
I realize that you can just sudo the wget and extraction commands if you don't have write privs on sbin/, but hey, I'm lazy.

This will extract the detection_tool/ directory, which gives you the source and the pre-compiled binaries. To compile from source:
cd /usr/local/sbin/detection_tool
make
Make the pre-compiled binary available in the sbin/ directory with a symlink:
ln -s /usr/local/sbin/detection_tool/pre-compiled/detection_tool /usr/local/sbin/rst_detection_tool

OR, if compiled from source:
ln -s /usr/local/sbin/detection_tool/detection_tool /usr/local/sbin/rst_detection_tool

To use:
rst_detection_tool [-v] (path)

So to scan the entire filesystem:
rst_detection_tool /

If all is well, you'll get this output:
root@ubuShock:/usr/local/sbin# rst_detection_tool /
Sophos Rst-B Detection Tool
---------------------------
Copyright (c) 2008 Sophos Plc. All rights reserved.

Scanned 681699 files, found 0 infections of Linux/Rst-B.
End of scan.
root@ubuShock:/usr/local/sbin#
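
An added example (not part of the original howto or of the Sophos tool): the tool reports its result in the summary line shown above, so a small wrapper can parse that line and give a cron job an exit status and a syslog entry to alert on. The function names, the RST_TOOL variable and the rst-scan syslog tag are assumptions; the summary-line format comes from the sample output.

```shell
#!/bin/sh
# Added example: turn rst_detection_tool's summary line into an exit status.
# Summary format is taken from the sample output in this howto.

# Reads tool output on stdin, prints "<scanned> <infected>".
# Returns 0 = clean, 1 = infections reported, 2 = no summary line found.
parse_rst_summary() {
    summary=$(sed -n \
        's|^Scanned \([0-9][0-9]*\) files, found \([0-9][0-9]*\) infections\{0,1\} of Linux/Rst-B.*$|\1 \2|p' \
        | tail -n 1)
    [ -n "$summary" ] || return 2      # scan aborted or output format changed
    echo "$summary"
    infected=${summary#* }             # second field: infection count
    [ "$infected" -eq 0 ] || return 1
    return 0
}

# Runs the scanner on a path (default /) and logs the outcome to syslog.
# RST_TOOL is a hypothetical override for the symlink created above.
rst_scan() {
    target=${1:-/}
    tool=${RST_TOOL:-/usr/local/sbin/rst_detection_tool}
    [ -x "$tool" ] || { echo "rst_scan: $tool not executable" >&2; return 2; }
    result=$("$tool" "$target" 2>&1 | parse_rst_summary)
    rc=$?
    case $rc in
        0) logger -t rst-scan "clean: $target ($result = scanned infected)" ;;
        1) logger -t rst-scan -p user.alert "Linux/Rst-B reported under $target ($result)" ;;
        *) logger -t rst-scan -p user.err "no summary line from $tool; scan incomplete?" ;;
    esac
    return "$rc"
}

# Only scan when asked, e.g. from cron: rst_scan.sh --scan /
if [ "${1:-}" = "--scan" ]; then
    rst_scan "${2:-/}"
fi
```

A missing summary line is treated as a failure rather than as a clean result, so an interrupted scan does not pass silently.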

Anyway, best of luck.

NOTE: This howto is taken from Howtoforge, which is a great place for howtos relating to Linux. I've altered it a bit to make it a bit easier to read IMHO.
