Skip to content

Instantly share code, notes, and snippets.

@rodvan
Created March 4, 2016 16:31
Show Gist options
  • Save rodvan/4fe70b3bb8a10679955f to your computer and use it in GitHub Desktop.
Save rodvan/4fe70b3bb8a10679955f to your computer and use it in GitHub Desktop.
cd ~
echo copy this to clipboard editing php.ini
echo disable_functions = shell_exec, shell_exec, system
echo sleeping 8sec
sleep 8
cp /usr/local/lib/php.ini /usr/local/lib/php.ini.DINIX
vi /usr/local/lib/php.ini
service httpd stop
sleep 5
service httpd start
echo chek phpver
php -i | grep Power
sleep 5
rm -Rf rkhunter*
wget http://downloads.rootkit.nl/rkhunter-1.1.8.tar.gz
tar zxf rkhunter-*.tar.gz;
cd rkhunter
./installer.sh
/usr/local/bin/rkhunter --update
echo Running rkhunter NOW ...
/usr/local/bin/rkhunter -c --cronjob|egrep -v "(OK|Clean)" > /hackcheck.txt
cd ..
rm -Rf rkhunter*
echo ls -la /var/tmp >> /hackcheck.txt
ls -la /var/tmp >> /hackcheck.txt
echo ls -la /tmp >> /hackcheck.txt
ls -la /tmp >> /hackcheck.txt
echo ls -la /dev/shm >> /hackcheck.txt
ls -la /dev/shm >> /hackcheck.txt
echo ls -la /usr/local/apache/proxy >> /hackcheck.txt
ls -la /usr/local/apache/proxy >> /hackcheck.txt
echo ls -la /var/spool/samba >> /hackcheck.txt
ls -la /var/spool/samba >> /hackcheck.txt
crontab -l >> /hackcheck.txt
echo This will take for ever ... checking domlogs ^C if you want
sleep 5
for files in /usr/local/apache/domlogs/*; do grep "wget" $files; done; >> /hackcheck.txt
echo LOG LOCATED @ /hackcheck.txt
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment