Detecting Rootkits on a Linux machine



Rootkits are a piece (or pieces) of software that someone can use once a system is compromised to a) regain access to the system, b) remove traces of the compromise and c) in many cases hide itself. There are some tools for Linux-based systems that can be run to detect traces of rootkits, and probably the best known is a tool called chkrootkit. I’ve known of it for what seems like years now, and it can run a relatively quick test for traces of a wide range of KNOWN Linux rootkits.


There is a good tutorial on how to install and use it here. What is probably most important to point out is that you should not just install it and then run it occasionally: it should be put either on read-only media or on removable media, so that an attacker could not discover its presence and alter it to ignore the attacker’s rootkit. (Or you could keep a local copy just to give them something else to do, and do your REAL scanning from a read-only/removable copy… )
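As an added example that is not from the original post, here is a small POSIX shell wrapper illustrating the advice above: it refuses to run the checker unless the medium holding it is mounted read-only and the file's SHA-256 matches a hash you recorded when you installed it. The mount point, the recorded hash, the /proc/mounts-style listing and the stand-in `chkrootkit` script built by `demo_setup` are all constructed for the demo and are not part of chkrootkit itself.

```shell
#!/bin/sh
# Added example (not chkrootkit's own code): only run a rootkit checker from a
# read-only medium whose copy of the tool still matches a recorded hash.
# All paths, hashes and the sample mounts listing below are assumptions.

# Return 0 if MOUNTPOINT appears in MOUNTS_FILE (same layout as /proc/mounts:
# device mountpoint fstype options dump pass) with the "ro" option, else 1.
mount_is_readonly() {
    mountpoint="$1"
    mounts_file="${2:-/proc/mounts}"
    awk -v mp="$mountpoint" '
        $2 == mp {
            n = split($4, opts, ",")
            for (i = 1; i <= n; i++) if (opts[i] == "ro") found = 1
        }
        END { if (found) exit 0; exit 1 }' "$mounts_file"
}

# Print the hex SHA-256 of FILE (sha256sum on Linux, shasum elsewhere).
file_sha256() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# Return 0 if FILE's SHA-256 equals EXPECTED, 1 otherwise.
hash_matches() {
    [ "$(file_sha256 "$1")" = "$2" ]
}

# Run CHECKER only after both checks pass. Exit status 2 means the medium is
# writable, 3 means the tool no longer matches the recorded hash; otherwise the
# checker's own status is returned.
run_trusted_checker() {
    checker="$1"; expected="$2"; mountpoint="$3"; mounts_file="${4:-/proc/mounts}"
    if ! mount_is_readonly "$mountpoint" "$mounts_file"; then
        echo "refusing: $mountpoint is not mounted read-only" >&2
        return 2
    fi
    if ! hash_matches "$checker" "$expected"; then
        echo "refusing: $checker does not match the recorded hash" >&2
        return 3
    fi
    "$checker"
}

# Constructed demo data standing in for a USB stick that carries chkrootkit.
# Prints the directory it created so callers can find the files.
demo_setup() {
    demo_dir=$(mktemp -d)
    cat > "$demo_dir/mounts" <<EOF
/dev/sdb1 /mnt/usb vfat ro,relatime 0 0
/dev/sda1 / ext4 rw,relatime 0 0
EOF
    mkdir -p "$demo_dir/usb"
    printf '#!/bin/sh\necho "scan complete"\n' > "$demo_dir/usb/chkrootkit"
    chmod +x "$demo_dir/usb/chkrootkit"
    echo "$demo_dir"
}
```

In real use you would call `run_trusted_checker /mnt/usb/chkrootkit <hash recorded at install time> /mnt/usb` by hand or from cron, and keep the recorded hash somewhere the host cannot rewrite it (on the same read-only medium, or off-host). The wrapper protects the integrity of the tool, not of its results: a kernel-level rootkit can still feed the checker a false view of the system, which is why the post's scan-from-clean-media advice matters.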

I did find a reference to another rootkit detector, rkhunter, which I haven’t yet tested but looks promising… a more direct link is here.

Happy rootkit hunting?
