I've used good ol' chkrootkit for years. Simply put, it scans important files in your system for rootkits. Rootkits are collections of malicious programs designed to compromise the root user account and keep access for an extended period of time. Rootkits are hard to detect and difficult to remove from a system. I've heard many sysadmins say that if your system is the victim of a rootkit, you should reimage (format and reinstall from media) it and restore all data from a clean backup.
Yes, that's one solution, but have you ever reimaged a system and been able to bring it back to a state where it was prior to the infection? I never have. There's always something left off from the new system and it's always something "critical." I've spent countless hours chasing down legacy software, searching for old documentation, and begging the local software hoarder for media to reinstall some essential program that no one supports anymore and that we possibly never had a legitimate license for. I digress.
You can scan for many types of rootkits and detect certain log deletions using chkrootkit. While it doesn't remove any infected files, it does specifically tell you which ones are infected, so that you can remove/reinstall/repair the file or package.
Follow the simple procedure below to download, install, and scan your system using chkrootkit. Run it as root, either via sudo or after su to root.
<< compile output >>
Checking `amd'... not found
Checking `basename'... not infected
Checking `biff'... not found
Checking `chfn'... not infected
Checking `chsh'... not infected
Checking `cron'... not infected
Checking `crontab'... not infected
Checking `date'... not infected
Checking `du'... not infected
Checking `dirname'... not infected
Checking `echo'... not infected
<< more output >>
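Because chkrootkit only reports and never removes anything, the useful follow-up is turning its output into a pass/fail signal you can run from cron and act on. The script below is an added example, not chkrootkit's own code or part of the original post: it picks the flagged lines out of the "not infected"/"not found" chatter, lets an admin silence a reviewed finding via the assumed ACCEPTED_RE variable, and exercises the logic on a constructed sample in chkrootkit's output format.

```shell
#!/bin/sh
# Added example (not chkrootkit's own code): triage chkrootkit output so a
# cron job can alert only when the scanner actually flags something.

# Patterns chkrootkit prints when it flags a file, port or interface.
# The routine "not infected", "not found" and "nothing found" lines do
# not match, so they fall out automatically.
FINDING_RE='INFECTED|Warning|Possible|PACKET SNIFFER'

# Regex for findings an admin has reviewed and accepted, e.g. the classic
# bindshell hit on port 465 when an SMTPS daemon is listening. Empty by
# default: nothing is silenced until someone decides it should be.
ACCEPTED_RE="${ACCEPTED_RE:-}"

# Print the lines worth a human's attention from chkrootkit output on stdin.
chkrootkit_triage() {
    if [ -n "$ACCEPTED_RE" ]; then
        grep -E "$FINDING_RE" | grep -Ev "$ACCEPTED_RE" || true
    else
        grep -E "$FINDING_RE" || true   # no matches is good news, not an error
    fi
}

# Number of flagged lines; a cron job can compare this against 0.
count_findings() {
    chkrootkit_triage | wc -l | tr -d ' '
}

# Run the real scanner when it is installed. -q is chkrootkit's quiet mode
# (only findings are printed); the triage works on full output too.
scan_host() {
    command -v chkrootkit >/dev/null 2>&1 || { echo "chkrootkit not installed" >&2; return 2; }
    chkrootkit -q 2>&1 | chkrootkit_triage
}

# Constructed sample (not a real scan) in the format chkrootkit prints.
SAMPLE_SCAN=$(cat <<'EOF'
Checking `amd'... not found
Checking `basename'... not infected
Checking `bindshell'... INFECTED (PORTS:  465)
Checking `chfn'... not infected
Checking `sniffer'... eth0: PACKET SNIFFER(/usr/sbin/dhcpd[842])
Checking `w55808'... not infected
EOF
)

echo "== flagged lines in the constructed sample =="
printf '%s\n' "$SAMPLE_SCAN" | chkrootkit_triage
echo "count: $(printf '%s\n' "$SAMPLE_SCAN" | count_findings)"
```

Run scan_host on a real machine and treat a non-empty result as something to investigate by hand, remembering that every accepted pattern in ACCEPTED_RE is a decision someone should be able to justify later.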