2. From the boot prompt, type insert and press Enter. INSERT should boot to a desktop.
3. To be able to check the Linux system installed on your hard disk, you need to mount the
partition representing your installed Linux system. Using the mount.app applet (displayed
in the lower-right corner of the screen), click the arrows on that applet to click
through the available storage media. If Linux was installed on the first partition of the
first hard disk, select hda1. Then click the mount button to mount that partition.
4. Open a Terminal window by right-clicking the desktop and selecting Terminal Session →
Aterm - super user. A Terminal window opens.
5. Run the chkrootkit command and save the output to a file. For example, run the following
command to check the file system mounted on /mnt/hda1 and send the output
to a file named chkroot-output.txt:
# chkrootkit -r /mnt/hda1 > /tmp/chkroot-output.txt
6. When the command completes, page through the output. For example:
# less /tmp/chkroot-output.txt
ROOTDIR is ‘/mnt/hda1/’
Checking ‘amd’ ... not found
Checking ‘basename’ ... not infected
.
.
.
7. Press the spacebar to page through the output. The output should reveal the following:
If a rootkit has been planted on your system, some commands will likely come up as
infected.
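Instead of paging through the whole report by eye, the saved output can be filtered down to the results that need attention. The script below is an added example, not part of the original text: the names review_chkrootkit and sample_report are hypothetical, the sample report is constructed, and it assumes that only the two statuses shown in the output above (not found, not infected) are clean, so anything else is listed.

```shell
#!/bin/sh
# Added example (not from the book): list chkrootkit results that need review.
# Only the two statuses shown in the sample output above count as clean.
# Usage on the report saved in step 5:  review_chkrootkit /tmp/chkroot-output.txt

review_chkrootkit() {    # hypothetical helper name
    awk '
    /^Checking / {
        line = $0
        sub(/^Checking +/, "", line)
        dots = index(line, "...")
        if (dots == 0) next                       # not a result line
        name = substr(line, 1, dots - 1)
        status = substr(line, dots + 3)
        # Drop quoting around the test name (ASCII or typographic quotes).
        gsub("[^A-Za-z0-9_./-]", "", name)
        gsub(/^[ \t]+|[ \t]+$/, "", status)
        if (status == "not found" || status == "not infected") next
        printf "%s\t%s\n", name, status           # needs a closer look
        flagged++
    }
    END { exit (flagged > 0 ? 1 : 0) }            # non-zero when anything is listed
    ' "$@"
}

# Constructed sample report; the ls and netstat lines are invented for the demo.
sample_report() {
    cat <<'EOF'
ROOTDIR is `/mnt/hda1/'
Checking `amd'... not found
Checking `basename'... not infected
Checking `ls'... INFECTED
Checking ‘ps’ ... not infected
Checking `netstat'... INFECTED
EOF
}

# Demo run: prints the two flagged entries, then the message.
sample_report | review_chkrootkit || echo "flagged entries found"
```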
529