Detecting Rootkits on a Linux machine



Rootkits are a piece (or pieces) of software that someone can be used once a system is compromised to a) regain access to a system and b) remove traces of a compromise and c) many times hide itself. There are some tools for linux based systems that can be run to detect traces of rootkits and probably the best known is a tool called chkrootkit. I’ve know of it for what seems like years now and it can run a relatively quick test for traces of a wide range of KNOWN linux rootkits.


There is a good tutorial on how to install and use it here what’s probably the best to point out is that you should not install and then just run it occasionally, it should be put either on read-only media, or removable media so that an attacker could not discover it’s presence and alter it to ignore the attackers rootkit. (Or you could keep a local copy just to give them something else to do and do your REAL scanning from a read-only/removable… )

I did find a referral to another rootkit detectorrkhunter which I haven’t yet tested, but looks promising… a more direct link is here.

Happy rootkit hunting?

Related Posts

Blog Traffic Exchange Related Posts
  • How to Remove System Adware Scanner 2010 | System Adware Scanner 2010 Removal Guide System Adware Scanner 2010 is a new and aggressive rogue antivirus application. Once installed on a system it creates a program that acts as a guard of sorts for it's main process. This guard process is called noterminate and will pop up warnings and encourage users to purchase the rogue......
  • The "secure software" dilemma It's quite a dilemma when a software product is billed as more secure than another.... several days back when Mozilla Firefox released v. 1.5.0.4 which fixed a number of security issues, I saw someone comment "I thought firefox was supposed to be secure." I think there's a misunderstanding when it......
  • Network Security guide for the home or small business network - Part 16 - Learn about the enemy I remember I had a geography teacher once that was a former Marine and he said when he was growing up it was the height of the cold war and geography was interesting to him from a "know your enemy" point of view. That's a good concept to apply to......
Blog Traffic Exchange Related Websites
  • FAQ about computer security Q: The virus blocked the registry access and how to get rid of it?A: You can deal with like this: 1. Click on Start -> Run (or Start Search in Windows Vista). 2. Enter GPEdit.msc and then press Enter. 3. Navigate to the following location: User Configuration -> Administrative Templates......
  • Restaurant Solutions: Making Your Online Presence Known In today‚Äôs market every business needs to have an online presence. The Internet is the great leveler of players in a world market where anything can be bought or sold at competitive prices. The Internet has been an incredible tool for small businesses, especially because it allows smaller retailers and......
  • Amouage Ubar Perfume for Women Review Amouage Ubar is an ideal springtime perfume for women mainly because nothing exemplifies the idea of spring quite like the scent of lily of the valley. This scent is light an ethereal and it has just a tinge of something luscious and green. The Amouage Ubar perfume for women is......
PDF24    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Comments are closed.


Switch to our mobile site