How to scan your Linux-Distro for Root Kits - gHacks Tech News

How to scan your Linux-Distro for Root Kits

Ghacks is running on a Linux rootserver. It should be fairly secure but there is always a chance that someone might get access to it and compromise the system. One of the biggest threats is the installation of a root kit which can be used to access the system at a later time and clean tracks of logins and other traces so that it is near impossible to find out more about the attacker.

The article How to scan your Linux-Distro for Root Kits walks you through all the steps of downloading and running a script that you can use to detect rootkits on a Linux system.Everything is explained in detail so that even beginners will be able to follow the steps and check their system for possible root kits. If you don't feel like compiling the script yourself you could try and use Google to find a pre-compiled version and download that instead.

The article recommends the Linux tool chkrootkit. The issue with the program is that it has not been updated since 2008 which is often a bad sign when it comes to checking for security issues on systems as it may not be able to detect newer threats.

Here are a handful of resources that you can use instead if you want to check your Linux distribution or server for rootkits.

Detecting Rootkits And Kernel-level Compromises In Linux has been published in 2010 by Symantec. The long guide is aimed at advanced users, and outlines several ways of detecting hidden modifications made to a Linux kernel.

The How to Detect Rootkits in Linux with rkhunter guide is a lot shorter. It describes how Linux users can use the rootkit detector rkhunter to scan their system for traces of rootkits. The program is available from the repositories, and actively maintained, which is one of the most important traits for a tool of its kind.

We need your help

Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.

We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats or subscription fees.

If you like our content, and would like to help, please consider making a contribution:

Comments

  1. paul said on May 3, 2006 at 5:38 pm
    Reply

    that’s very helpful – thanks for posting this.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

Please note that your comment may not appear immediately after you post it.