@penguinpowernz
Last active April 9, 2020 20:02
A small script to detect Linux/Cdorked.A malware on a Linux system using the tool from ESET

Linux/Cdorked.A detector

This script uses the tool from ESET to check the RAM (shared memory) of a Linux system for the Linux/Cdorked.A malware. It uses the tool as of April 2013. As of this date the malware had only been known about for a month and research was still ongoing, so a later version of the tool may be available.

I found the tool on the ESET page describing the Linux/Cdorked.A malware, so that is likely the best place to check for updates, if there are any.

How to run it

If you are here, you can probably tell that the script below does nothing harmful, so run one of the following commands at a terminal to fetch and execute it in a single step:

curl https://gist.github.com/penguinpowernz/5731076/raw/9f49d592f9281ad2e212f05dfec076985d4d8e42/cdorked_detect.sh | sh
wget https://gist.github.com/penguinpowernz/5731076/raw/9f49d592f9281ad2e212f05dfec076985d4d8e42/cdorked_detect.sh --no-check-certificate -O - | sh

If your system is clean, you will see this printed out:

No shared memory matching Cdorked signature was found.
To further verify your server, run "ipcs -m -p" and look for a memory segments created by your http server.
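The manual follow-up the tool suggests (run "ipcs -m -p" and look for segments created by the HTTP server) can be scripted. The helper below is an added example, not part of the gist or of ESET's tool: it assumes util-linux "ipcs -m -p" output (columns shmid, owner, cpid, lpid) and uses a constructed sample plus a constructed pid-to-command table so it runs offline; on a live system the fallback reads /proc/PID/comm.

```sh
#!/bin/sh
# Constructed sample standing in for the output of `ipcs -m -p`.
SAMPLE_IPCS='------ Shared Memory Creator/Last-op PIDs --------
shmid      owner      cpid       lpid
65536      root       812        812
98304      www-data   2104       2104
131072     postgres   1507       1533'

# Resolve a creator PID to a command name. The fixed entries are a
# constructed table for the sample above; anything else is looked up in
# /proc/<pid>/comm, which is what you would rely on for real output.
comm_of() {
  case "$1" in
    812) echo "sshd" ;;
    2104) echo "apache2" ;;
    1507|1533) echo "postgres" ;;
    *) cat "/proc/$1/comm" 2>/dev/null || echo "?" ;;
  esac
}

# Read `ipcs -m -p` output on stdin and print "shmid owner cpid comm" for
# every segment whose creator is a web server process. Header and
# separator lines are skipped.
flag_webserver_segments() {
  while read -r shmid owner cpid lpid; do
    case "$shmid" in ''|-*|shmid) continue ;; esac
    comm=$(comm_of "$cpid")
    case "$comm" in
      httpd|apache2|nginx|lighttpd) echo "$shmid $owner $cpid $comm" ;;
    esac
  done
}

# Offline run against the constructed sample; on a real host use:
#   ipcs -m -p | flag_webserver_segments
printf '%s\n' "$SAMPLE_IPCS" | flag_webserver_segments
```

A flagged segment is a lead to inspect, not proof of infection: Apache keeps its scoreboard in shared memory too, which is why ESET's tool matches on the Cdorked signature rather than on ownership alone.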

More info

For more information please see ESET's We Live Security blog post at http://www.welivesecurity.com/2013/05/07/linuxcdorked-malware-lighttpd-and-nginx-web-servers-also-affected/

#!/bin/bash
# Work in /tmp; abort if we cannot get there
cd /tmp || exit 1
# Get the source from ESET (quiet download, but fail loudly if it does not arrive)
if ! wget -q http://www.welivesecurity.com/wp-content/uploads/2013/04/dump_cdorked_config.c -O dump_cdorked_config.c; then
  echo "Downloading dump_cdorked_config.c from ESET failed";
  exit 1;
fi
# Make sure we have GCC available
if ! command -v gcc > /dev/null 2>&1; then
  echo "GCC is not installed. Please install it before running this script";
  echo "  Debian: sudo apt-get install build-essential";
  echo "  Fedora: sudo yum groupinstall \"Development Tools\"";
  exit 1;
fi
# Build the tool and check that compilation worked
if ! gcc -o dump_cdorked_config dump_cdorked_config.c; then
  echo "Building the tool failed... :(";
  exit 1;
fi
# Run the tool: it scans shared memory segments for the Cdorked configuration
./dump_cdorked_config