How to scan your Linux-Distro for Root Kits
Ghacks runs on a Linux root server. It should be fairly secure, but there is always a chance that someone gains access to it and compromises the system. One of the biggest threats is the installation of a rootkit, which can be used to access the system again at a later time and to clean traces of logins and other activity, so that it becomes nearly impossible to find out more about the attacker.
The article How to scan your Linux-Distro for Root Kits walks you through all the steps of downloading and running a script that you can use to detect rootkits on a Linux system. Everything is explained in detail, so that even beginners will be able to follow the steps and check their system for possible rootkits. If you don't feel like compiling the script yourself, you could try to use Google to find a pre-compiled version and download that instead.
The article recommends the Linux tool chkrootkit. The issue with the program is that it has not been updated since 2008, which is often a bad sign for a tool that checks systems for security issues, as it may not be able to detect newer threats.
Here are a handful of resources that you can use instead to check your Linux distribution or server for rootkits.
Detecting Rootkits And Kernel-level Compromises In Linux was published in 2010 by Symantec. The lengthy guide is aimed at advanced users and outlines several ways of detecting hidden modifications made to a Linux kernel.
The How to Detect Rootkits in Linux with rkhunter guide is a lot shorter. It describes how Linux users can use the rootkit detector rkhunter to scan their system for traces of rootkits. The program is available from the distribution repositories and is actively maintained, which is one of the most important traits for a tool of its kind.