Sometimes the server is in a strange situation, suspect that the machine is compromised, you can use this chkrootkig tool:
Chkrootkit is an open source security Detection Tool His official website is www.chkrootkit.org
: http://pkgs.repoforge.org/chkrootkit/
Download the corresponding package according to the OS version:
wget http://pkgs.repoforge.org/chkrootkit/chkrootkit-0.49-1.el5.rf.x86_64.rpm
Start detection:
Run Chkrootkit
[Email protected] ~]# Chkrootkit-r
RootDir is '/'
Checking ' AMD ' ... not found
Checking ' basename ' ... not infected
Checking ' biff ' ... not found
Checking ' CHFN ' ... not infected
Checking ' Chsh ' ... not infected
Checking ' cron ' ... not infected
Checking ' crontab ' ... not infected
Checking ' Date ' ... not infected
Checking ' du ' ... not infected
Checking ' dirname ' ... not infected
Checking ' echo ' ... not infected
Checking ' egrep ' ... not infected
Checking ' env ' ... not infected
Checking ' Find ' ... not infected
Checking ' fingerd ' ... not found
Checking ' gpm ' ... not found
If you have a warning field, you need to pay attention to whether the Recruit!
This article is from the "less stubborn" blog, please be sure to keep this source http://xushaojie.blog.51cto.com/6205370/1772713
Linux Intrusion Detection Tool Chkrootkit