Detecting Rootkits on a Linux machine
Rootkits are a piece (or pieces) of software that someone can be used once a system is compromised to a) regain access to a system and b) remove traces of a compromise and c) many times hide itself. There are some tools for linux based systems that can be run to detect traces of rootkits and probably the best known is a tool called chkrootkit. I’ve know of it for what seems like years now and it can run a relatively quick test for traces of a wide range of KNOWN linux rootkits.
There is a good tutorial on how to install and use it here what’s probably the best to point out is that you should not install and then just run it occasionally, it should be put either on read-only media, or removable media so that an attacker could not discover it’s presence and alter it to ignore the attackers rootkit. (Or you could keep a local copy just to give them something else to do and do your REAL scanning from a read-only/removable… )
I did find a referral to another rootkit detectorrkhunter which I haven’t yet tested, but looks promising… a more direct link is here.
Happy rootkit hunting?
Popularity: 1% [?]
Related Posts - Ap coverage of hacker convention Apnews has an article on the recent "hacker convention" in Las Vegas. In typical media fashion they paint with a broad brush to display it as "a no-mans land where customary adversaries, feds vs. digital mavericks are supposed to share ideas about making the internet safe." In reality, realize that......
- How to Remove SystemCleanerPro | SystemCleanerPro Removal Guide SystemCleanerPro is a rogue antivirus application. It is a part of the WinSpywareProtect family and will run at system startup. It will popup many warnings about your computers security (or lack thereof). It will scan your system and claim there are viruses and it will repeatedly nag you about purchasing......
- Microsoft's quick response to network worms.... This is an ironic title because frankly, Microsoft has seemed to be slow in solutions for the recent zotob worm. Of course, they announced the vulnerability and accompanying update to solve the issue to begin with, but after the virus started propagating what do we see from Microsoft? They have......
Related Websites - Restaurant Solutions: Making Your Online Presence Known In today’s market every business needs to have an online presence. The Internet is the great leveler of players in a world market where anything can be bought or sold at competitive prices. The Internet has been an incredible tool for small businesses, especially because it allows smaller retailers and......
- Goldfish And Marine Aquariums I’ve been involved with aquariums for 40 years or more and no, I’m not going to try advising the secret of keeping goldfish in salt water! What I’m going to do is remember, if I may. Over 40 years ago I had nothing to do with fish. What did......
- Red Hat Fedora 10 is Out For all open source Lovers, Red Hat Fedora 10 Linux is out with major improvements! The Red Hat-sponsored Fedora Project on Tuesday released Fedora 10, the latest version of the free Linux-based operating system, with a wide range of improvements in areas such as virtualization management, networking, boot time and......
Similar Posts
- Rootkit Removers | Rootkit Detectors
- SONY DRM rootkit – the gift that keeps on giving
- Top 10 spyware tricks of 2005
- More Sony DRM news
- Sleuthkit – windows and linux file recovery