
Scan Linux for rootkit and viruses

A rootkit is a malicious program that hides its presence from antivirus programs. It can infect libraries, commands and files. Rootkits get installed on a system through hacking attacks, Trojans or exploitation of a system vulnerability.

On Linux there are several projects that provide rootkit scanning tools. Let's look at a few of them.


1. rkhunter

Installing rkhunter

Installation on CentOS or RHEL
# yum install rkhunter
Installation on Ubuntu or Debian
# apt-get install rkhunter
Updating the rkhunter database
# rkhunter --update
Checking for malware
# rkhunter --check
Checking the log for details
# less /var/log/rkhunter/rkhunter.log
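Reading the whole rkhunter.log with less is fine interactively, but on a fleet you want the warnings pulled out mechanically. The script below is an added example (not part of this page or of the rkhunter project): it parses the "[HH:MM:SS] Warning: ..." entries from an rkhunter.log, attaches the indented continuation lines that rkhunter writes under a multi-line warning, and ignores "Info:" and test-result lines. The sample log text is constructed for the example and only imitates the real format; the default log path is the one used above.

```python
from __future__ import annotations

import re
import sys
from dataclasses import dataclass, field

# One log entry: "[HH:MM:SS] Warning: text" or "[HH:MM:SS] Info: text".
ENTRY_RE = re.compile(
    r"^\[(?P<time>\d{2}:\d{2}:\d{2})\]\s(?P<level>Warning|Info):\s*(?P<msg>.*)$"
)
# Continuation of a multi-line warning: timestamp followed by deep indentation.
CONT_RE = re.compile(r"^\[\d{2}:\d{2}:\d{2}\]\s{2,}(?P<msg>\S.*)$")

# Constructed sample imitating rkhunter.log; not a real scan result.
SAMPLE_LOG = """\
[12:00:01] Info: Start date is Mon Jan  1 12:00:01 UTC 2024
[12:00:01] Checking if SSH root access is allowed                [ Warning ]
[12:00:01] Warning: The SSH and rkhunter configuration options should be the same:
[12:00:01]          SSH configuration option 'PermitRootLogin': yes
[12:00:01]          Rkhunter configuration option 'ALLOW_SSH_ROOT_USER': no
[12:00:02] Checking for hidden files and directories              [ OK ]
[12:00:05] Warning: The command '/usr/bin/lwp-request' has been replaced by a script: /usr/bin/lwp-request: a /usr/bin/perl -w script text executable
[12:00:10] Info: End date is Mon Jan  1 12:00:10 UTC 2024
"""


@dataclass
class Finding:
    time: str
    message: str
    details: list[str] = field(default_factory=list)


def parse_rkhunter_log(text: str) -> list[Finding]:
    """Return every 'Warning:' entry in an rkhunter.log, with the indented
    continuation lines that follow it attached as details."""
    findings: list[Finding] = []
    current: Finding | None = None
    for raw in text.splitlines():
        line = raw.rstrip()
        m = ENTRY_RE.match(line)
        if m:
            if m.group("level") == "Warning":
                current = Finding(m.group("time"), m.group("msg"))
                findings.append(current)
            else:
                current = None  # an Info entry ends any open warning block
            continue
        c = CONT_RE.match(line)
        if c and current is not None:
            current.details.append(c.group("msg"))
        else:
            current = None  # test-result lines and anything else end the block
    return findings


def main(path: str = "/var/log/rkhunter/rkhunter.log") -> int:
    """Print each warning with its details; exit 1 if any warning was found."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        findings = parse_rkhunter_log(fh.read())
    for f in findings:
        print(f"[{f.time}] {f.message}")
        for d in f.details:
            print(f"           {d}")
    print(f"{len(findings)} warning(s)")
    return 1 if findings else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv[1] if len(sys.argv) > 1 else "/var/log/rkhunter/rkhunter.log"))
```

Run it after `rkhunter --check` (or from the same cron job) and use the exit status to trigger an alert; a warning such as "has been replaced by a script" on a system binary is exactly the kind of finding that deserves a hands-on look rather than a suppressed log line.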

2. chkrootkit

Installation on CentOS or RHEL
# yum install chkrootkit
Installation on Ubuntu or Debian
# apt-get install chkrootkit


3. LMD (Linux Malware Detect)

Installing LMD in Linux

Download the latest maldet version

wget http://www.rfxn.com/downloads/maldetect-current.tar.gz

Installing maldet

tar xfz maldetect-current.tar.gz
cd maldetect-*
chmod +x ./install.sh
./install.sh

Configure maldet scan options

# vi /usr/local/maldetect/conf.maldet

# Enable email alerts in maldet (1 enable, 0 disable)
email_alert=1
email_addr=yourname@youremail.com
email_subj="Malware alerts for $HOSTNAME"
# Move hits to quarantine and alert (1 enable quarantine, 0 disable)
quar_hits=1
# Clean code injections (1 enable, 0 disable)
quar_clean=1
# Suspend the owning user account (1 enable, 0 disable)
quar_susp=0
# Use the ClamAV scan engine (1 enable, 0 disable)
clam_av=1
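A conf.maldet left with alerts or quarantine switched off will scan and then silently leave hits in place, so it is worth checking the file rather than trusting that someone edited it. The checker below is an added example (not part of this page or of the maldet project): it parses the shell-style key=value settings, then compares them against the values the section above sets. The policy table, the sample "weak" and "hardened" configurations, and the check on the placeholder address are this example's own assumptions.

```python
from __future__ import annotations

import re
import sys

# Settings the section above enables, used here as the audit policy.
# The policy is this example's assumption, not something maldet enforces.
REQUIRED = {
    "email_alert": "1",  # mail a report when hits are found
    "quar_hits": "1",    # move hits to quarantine instead of leaving them in place
    "quar_clean": "1",   # attempt to clean injected code
    "clam_av": "1",      # use the ClamAV engine when available
}
ASSIGN_RE = re.compile(r"^\s*(?P<key>[A-Za-z_][A-Za-z0-9_]*)=(?P<val>.*)$")

# Constructed sample: alerts and quarantine switched off.
WEAK_CONF = """\
email_alert=0
email_addr=
quar_hits=0
quar_clean=0
quar_susp=0
clam_av=1
"""

# Constructed sample matching the settings recommended above.
HARDENED_CONF = """\
email_alert=1
email_addr=secops@example.com
email_subj="Malware alerts for $HOSTNAME"
quar_hits=1
quar_clean=1
quar_susp=0
clam_av=1
"""


def parse_conf(text: str) -> dict[str, str]:
    """Parse key=value lines, skipping blanks and '#' comments and stripping
    one layer of surrounding quotes. $VARIABLES are kept literally."""
    conf: dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = ASSIGN_RE.match(line)
        if not m:
            continue
        val = m.group("val").strip()
        if len(val) >= 2 and val[0] == val[-1] and val[0] in "\"'":
            val = val[1:-1]
        conf[m.group("key")] = val
    return conf


def audit_conf(text: str) -> list[str]:
    """Return one human-readable finding per setting that weakens the scan."""
    conf = parse_conf(text)
    issues: list[str] = []
    for key, want in REQUIRED.items():
        got = conf.get(key)
        if got is None:
            issues.append(f"{key} is not set (expected {want})")
        elif got != want:
            issues.append(f"{key}={got} (expected {want})")
    # Alerts that go to nobody are as good as disabled.
    if conf.get("email_alert") == "1":
        addr = conf.get("email_addr", "")
        if "@" not in addr or addr.endswith("youremail.com"):
            issues.append("email_addr is empty or still the placeholder address")
    return issues


if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else "/usr/local/maldetect/conf.maldet"
    with open(path, encoding="utf-8") as fh:
        problems = audit_conf(fh.read())
    for p in problems:
        print(p)
    sys.exit(1 if problems else 0)
```

Running it against the live config after `install.sh` gives a quick yes/no that the quarantine and alert settings survived the edit; extend REQUIRED with whatever your own baseline demands.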

Scan the whole /var directory

# maldet -a /var

Change the scan parameters of the daily maldet scan

# vi /etc/cron.daily/maldet

4. lynis

Installation on CentOS or RHEL
# yum install lynis
Installation on Ubuntu or Debian
# apt-get install lynis
Checking for malware
# lynis --check-all -Q