Linux Tips • Page 107 of 115 • Getting you up to speed!

Let’s Use rkhunter To Look For Rootkits

In this article, we’ll go hunting for rootkits with a tool known as ‘rkhunter‘. It’s relatively easy to use rkhunter and this article will show you how. Don’t worry, it’s not all that complicated. You can do it.

Recommended reading: What You Need to Know About Linux Rootkits

So, what is a rootkit? Well, for the purposes of this exercise, a rootkit is malware that hides itself while allowing privileged access to the system. In other words, it’s the kit that allows an unauthorized person to use the system with root privileges. The word ‘malware‘ refers to software that would do you or your system harm.

A rootkit is one of many types of malware, like viruses and trojans, and Linux isn’t entirely immune to such. If you give an application privileges, it can and will use those privileges. That’s true for software you want and software you don’t want.

Malware exists for Linux! Know what you’re installing before you install it, and get your software from legitimate sources! Linux has some security advantages, and your actions can easily nullify those advantages. If you give something the permissions necessary to make it executable, it can be executed – even if it’s malware.

The rkhunter application is a software tool that will help you check your system for rootkits and some other exploits. It doesn’t help you remove them, it only helps you identify them.

If you’re curious, rkhunter describes itself as:

rkhunter is a shell script which carries out various checks on the local system to try and detect known rootkits and malware. It also performs checks to see if commands have been modified, if the system startup files have been modified, and various checks on the network interfaces, including checks for listening applications.

Let’s put it to use!

Hunt Rootkits With ‘rkhunter’:

In order to use rkhunter, you have to install it. It’s possibly in your default repos and your package manager is ready to install it. If not, you can grab a copy from their repository and build it. Those using Debian or the likes, can just install it with:

sudo apt install rkhunter

1	sudo apt install rkhunter

You can adjust that for your distro to see if it’s available. If it’s a mainstream distro, it’s probably available. Once installed, you start the scan with:

sudo rkhunter --check

1	sudo rkhunter --check

This command (there are others, jcheck man rkhunter) will be interactive. You need to sit there to press ENTER once in a while. It’s quick and monitoring it means you’ll see any warnings.

Once it has finished running it will tell you about any warnings. A warning doesn’t necessarily mean an infection!

After checking the warnings, see the log for more information. Read the log every time – that’s where most of the output is stored. Read the log with:

sudo cat /var/log/rkhunter.log

1	sudo cat /var/log/rkhunter.log

Now it’s up to you. You need to process that information. You may see output such as this:

[18:41:13] Rootkit checks...
[18:41:13] Rootkits checked : 477
[18:41:13] Possible rootkits: 8

[18:41:13] Rootkit checks...

[18:41:13] Rootkits checked : 477

[18:41:13] Possible rootkits: 8

That doesn’t mean I have 8 rootkits, it means I need to check the logs further to see what it’s calling a potential rootkit. In this case, one of the signs of a rootkit is a process that takes up a lot of RAM. Well, my browser is taking up a bunch of RAM and that’s one of the things it is warning me about.

When I say it’s up to you, it’s really up to you. You have to read the report and the logs to understand what is going on. DO NOT PANIC! The warnings can look scary – but they’re often just warnings. Read the logs thoroughly and understand what you’re reading before you do anything drastic!

Closure:

And there you have it! Another article in the books and this one about security. If you think you have a rootkit, feel free to leave a comment, but rkhunter tends to be a little trigger-happy with the warnings.

Thanks for reading! If you want to help, or if the site has helped you, you can donate, register to help, write an article, or buy inexpensive hosting to start your own site. If you scroll down, you can sign up for the newsletter, vote for the article, and comment.

Let’s Have a Limited Look at Linux’s cURL Application

This article is going to be a limited look at cURL, a Linux application used in the terminal to transfer data. cURL is a very extensive program and we’ll just be scratching the surface. You’ll see why we’re just scratching the surface soon enough. It’s a very comprehensive application.

So, what is cURL? It’s an application that you use in your terminal to transfer data. However, as said, it’s an insanely complicated program. We’re just barely going to scratch the surface. Let’s start with the definition.

First, ‘man curl’ defines itself nice and easily:

curl – transfer a URL

However, if you keep reading to find the description, you’ll find this gem:

curl is a tool to transfer data from or to a server, using one of the supported protocols (DICT, FILE, FTP, FTPS, GOPHER, HTTP, HTTPS, IMAP, IMAPS, LDAP, LDAPS, POP3, POP3S, RTMP, RTSP, SCP, SFTP, SMB, SMBS, SMTP, SMTPS, TELNET and TFTP). The command is designed to work without user interaction.
curl offers a busload of useful tricks like proxy support, user authentication, FTP upload, HTTP post, SSL connections, cookies, file transfer resume, Metalink, and more. As you will see below, the number of features will make your head spin!

Yeah…

In fact, while we’re here, why don’t you have a look at the man page for cURL. Really, click that link! I think that may be one of the longest man pages out there. cURL was originally released in 1997 and appears to have picked up everything along the way.

We’ll just be going over installing it and a couple of ways you can get started using it. To learn more, read the man page!

Using cURL:

There’s some chance that it didn’t come installed with your distro’s basic installation, so let’s first cover some ways of installing it. It’s sure to be in your default repositories for any major distro, and will almost certainly be trivial to install.

Open your terminal by pressing CTRL + ALT + T and use the correct following command to install it:

Debian/Ubuntu/Derivatives:

sudo apt install curl

1	sudo apt install curl

OpenSUSE/Derivatives:

sudo zypper install curl

1	sudo zypper install curl

RHEL/Fedora/Derivatives:

sudo yum install curl

1	sudo yum install curl

Arch/Derivatives:

sudo pacman -Sy curl

1	sudo pacman -Sy curl

If your distro isn’t listed above, read the documentation for your distro’s package manager. If it’s not available, you can always build it from source. The project’s homepage can be found here.

With cURL now installed, and your terminal still open, you can test it easily enough. First, try this command:

curl https://linux-tips.us/temp/sample.txt

1	curl https://linux-tips.us/temp/sample.txt

That should give you a nice message. It’ll appear in your terminal and that’s it. When you close the terminal window, the message will be gone. So, what if you want to download it? For that, you use the -O switch. Let’s try something:

cd Downloads
mkdir temp
cd temp
curl -O https://linux-tips.us/temp/sample.txt

cd Downloads

mkdir temp

cd temp

curl -O https://linux-tips.us/temp/sample.txt

That will make ‘sample.txt’ download to that directory. It’s not entirely unlike wget in those regards. If you want to change the name of the fetched file, you use the -o switch and the new name. So, the above code would look like this:

cd Downloads
mkdir temp
cd temp
curl -o example.txt https://linux-tips.us/temp/sample.txt

cd Downloads

mkdir temp

cd temp

curl -o example.txt https://linux-tips.us/temp/sample.txt

That will save sample.txt as example.txt and both of those commands will show you the transfer’s progress. This specific file isn’t large enough for that to really matter, but it’s noteworthy that it does so for future transfers.

Those are just a couple of ways to use cURL, and that’s it. It’s seriously powerful and flexible. You can read the man page and learn more about it, as it is a tool we should all have in our toolboxes. It’s useful in many situations and is worth spending some time to learn more about it.

Closure:

There’s another article in the books! As mentioned, it’s just a very limited look at cURL. To do a full tutorial would take days and days worth of articles and I’m much happier just exposing new users to the basic functionality. Even if you already have it installed and know how to use it, be sure to curl the sample.txt!

How To: Graphically Login as Root in Ubuntu

In this article, I’m going to show you how to graphically login as root in Ubuntu. This is a generally considered a terrible idea and you should not do this. In fact, if you have a good reason for doing this, please leave a comment letting us know what that reason is. Thanks!

A couple of days ago, I told you how to enable root in Ubuntu. In that article, I explained why enabling login as root was a bad idea and unnecessary for most people. I still told you how to do it, just as I’ll tell you how to graphically login as root in Ubuntu and maybe some of the official Ubuntu flavors.

I should remind folks that this is a terrible idea from a security perspective – especially if you don’t have good physical security. However, if you don’t have good physical security then your computer is already easily compromised by anyone with a live USB in their pocket.

NOTE: This is only sure to work for Ubuntu. It looks like it should work from 18.04 to at least 20.10, and will probably continue to work until Ubuntu moves on from GDM3. (GDM3 is Gnome Display Manager 3, a drop-in replacement for GDM.) This may work for other Ubuntu flavors, I haven’t tested. If you do test or know, please leave a comment below. Thanks!

Anyhow, on with the explaining how to graphically login as root. This shouldn’t take too long!

GUI Login As Root:

The first step is to set up the system so that you can login as root. To do that, you should read this article and learn how to enable root login for Ubuntu. Be sure to read the warnings on that page and think carefully before doing this to your own computer.

After enabling root login, the next step is to open your default terminal. You can do that by pressing CTRL + ALT + T.

Now, let’s temporarily make you a superuser. You can do that with:

sudo su

sudo su

Our next step is to tell the aforementioned GDM3 to let us use the root login.

nano /etc/gdm3/custom.conf

1	nano /etc/gdm3/custom.conf

You’re going to arrow down to just below the automatic login configuration text and enter this line:

AllowRoot=true

1	AllowRoot=true

Then, you’ll save the changes by pressing CTRL + X, then Y, and then ENTER. See? Now you’ve edited and saved a file in the terminal with nano. It gets easier the more often you do it!

Next let PAM know:

Your next step is going to be telling PAM (Pluggable Authentication Modules) that logging in as root is okay. That’s pretty easy, and we’ll do it with nano just like above.

nano /etc/pam.d/gdm-password

1	nano /etc/pam.d/gdm-password

Scroll down and look for this line:

auth required pam_succeed_if.so user != root quiet_success

1	auth required pam_succeed_if.so user != root quiet_success

What you’re going to do is ‘comment it out’, by adding the # symbol which means, in this case, ‘ignore this line’. Change that line so that it looks like this:

#auth required pam_succeed_if.so user != root quiet_success

1	#auth required pam_succeed_if.so user != root quiet_success

Now, save it just like you did above. (Press CTRL + X, then Y, and then ENTER.) As you’re still using ‘sudo su’, you can get out of that mode by simply typing:

exit

exit

That’s it, actually! When you next reboot or logout, you can login as root. To do so, you need to click on ‘Not Listed’, type in ‘root’, and then enter your password. It should look pretty much like the following images:

enter the password to proceed — Enter your root password and the press the ENTER button.

Tada! You’ll be logged in as root for no good reason and with almost no benefits! Congratulations! Now, undo it and go back to being a bit more secure. Or not… I don’t mind. It’s your computer. You do what you want!

Please just don’t let your box get owned and turned into something malicious like a spam bot or a node in bot network used to do things like DDoS sites for money. Don’t let your computer make you a bad netizen.

Closure:

And there you have it! You can now login as root in the GUI and use Ubuntu as root. This is, of course, a terrible idea – but you can do it. If you’re ever in a position where this seems like the best solution, be sure to ask around to see if there are better ways to accomplish your goals. If you can login as root, so can’t someone else! Either way, it’s another article in the books!

How To: Use Wayland in a Live Ubuntu Instance

This article is based on an AskUbuntu question I answered a while back. The user wanted to know how to use Wayland in a live instance of Ubuntu. They wanted to test some Wayland stuff and this was how they wanted to do it.

I personally would have gone a different route, but that’s fine. There are likely other people who have this same question, so it seems prudent to put the answer up here, as others will likely want to use Wayland in a live environment.

It actually turned out to be pretty easy, so this isn’t going to be a very long article. If you follow the directions carefully, you should be able to use Wayland while running Ubuntu live.

Use Wayland in Ubuntu Live:

The first thing you need to do is boot into the live instance of Ubuntu, and then you change the way you login. You don’t want to automatically login for this exercise.

Click in the bottom right and ‘Show Applications.’ Once there, you can enter the word ‘users’, click on the settings app offered, and then disable automatic login.

Next, you have change the password. You’re forced to deal with Ubuntu’s need for a complex password. The password you pick must be at least 12 characters long, not a dictionary word, and have a mix of numbers and letters.

Next, you want to edit “/etc/gdm3/custom.conf” and comment out the line that disables Wayland. To do this, we’ll open a terminal by pressing CTRL + ALT + T. That opens the terminal where you’ll enter:

sudo nano /etc/gdm3/custom.conf

1	sudo nano /etc/gdm3/custom.conf

Find the line:

WaylandEnable=false

1	WaylandEnable=false

Change it to (comment it out):

#WaylandEnable=false

1	#WaylandEnable=false

Make sure to save it. Just press CTRL + X, then Y, and then ENTER and nano will save it.

Restart gdm3 with:

systemctl restart

1	systemctl restart

If that doesn’t automatically log you out, log out manually.

Now start the process to log back in, but after you click the user, there’s an icon in the lower right. It’s a gear icon. Click that gear icon and choose “Ubuntu on Wayland”. Then enter your password and press ENTER.

If everything worked, you’re now logged in with Wayland.

Now, if you want to verify that you’re using Wayland…

Press CTRL + ALT + T
to open the terminal and enter:

echo $XDG_SESSION_TYPE

1	echo $XDG_SESSION_TYPE

If you have done everything correctly, it looks like this:

live ubuntu running wayland — See? That’s how you use Wayland in a live Ubuntu instance. And now you know…

So, there you have it for those that want it. If you want to use Wayland then you can. You can do that in a live environment if you want. It’s Linux. You can do most anything, if you put enough work in.

Closure:

And there you have it. Another article is in the books. This one helps you use Wayland and helps you use it in a live Ubuntu instance. I suspect you could use this as a basis for other distros, but I’ve never actually tested that theory out. If you have tried it, let me know in a comment. Thanks!

How To: Enable The Root Account in Ubuntu

This will be a quick and easy article, where I explain how to enable the root account in Ubuntu. It’s easy to enable the root account, but you may not want to. The choice is up to you.

This article really starts here, with a pet peeve. See, Ubuntu doesn’t ship with root enabled by default and it does that for security reasons. If there’s no root account, the root account can’t be compromised. Instead, it relies on sudo for elevating permissions. If you ask at some sites, they’ll give you a lecture instead of telling you how to enable root.

Me? I disagree with that. If you want to know how to enable root, I’ll tell you how to enable root. It’ll likely come with a blurb that tells you why you may want to avoid doing so – but I’ll give you the answer to your question.

About the only time I won’t give you a direct answer is when it’s obvious that you’re asking me to do your homework. I may also not tell people how to do their job. After all, I don’t want incompetence entering the workforce and I don’t want incompetent people staying staying in the field.

I view Linux as not just an OS but also as a bit of a philosophy, a philosophy of constant learning, continued improvement, and a never-ending quest for greater understanding. If someone wants to know how to enable root, I’m damned well going to tell them how to enable root.

Yes, it may lessen their security, and I’ll make sure to tell them that as well. I’ll be sure to tell them why Ubuntu made the choice and what it means if they undo it. It’s their system. If they want to enable root, I will help them do that.

Enable Root in Ubuntu:

Having said all of that above, it’s actually really trivial to enable root in Ubuntu. The first thing you’re going to do is open the terminal. Like always, you can use your keyboard, just press CTRL + ALT + T and your default terminal will open up.

Next, you’ll want to enter the following command:

sudo passwd root

1	sudo passwd root

Now, first it’ll ask for your current user’s password. Enter that. When you enter that, it’ll ask you to set a password for ‘root’. You’ll need to enter that password twice. Once you’re done with that, you’re done with it. That’s literally all it takes.

If you want to test this, you can login as root in TTY. Press CTRL + ALT + F3 and login as root, using the password you just assigned. To get back to your desktop, just press CTRL + ALT + F1 and it should bring you right back. If not, or if you’re not using Ubuntu, you can press and hold the left ALT button and then press the ➝ until you’re back at your desktop.

NOTE: This won’t enable GUI login as root. I’ll explain how to do that in a future article. This only enables the root account and nothing more.

If you do enable root, be aware that that means the root account can be compromised and used. Root has all the permissions. All of ’em… So, if the root account is compromised whoever has done so has complete control of the system. You should be aware of this before you make this change. Only make this change if you know what you’re doing and if you’re prepared for the consequences.

Closure:

And there you have it. You have another article in the books, this one explaining how to enable the root account. Think twice before doing so, but it’s your device and you get to make that decision. Just be aware of the consequences of doing so and you should be all set.