3 antimalware solutions for Linux systems -PART 1

# chkrootkit
I've used good ol' chkrootkit for years. Simply put, it scans important files in your system for rootkits. Rootkits are collections of malicious programs designed to compromise the root user account and keep access for an extended period of time. Rootkits are hard to detect and difficult to remove from a system. I've heard many sysadmins say that if your system is the victim of a rootkit, you should reimage (format and reinstall from media) it and restore all data from a clean backup.

Yes, that's one solution, but have you ever reimaged a system and been able to bring it back to a state where it was prior to the infection? I never have. There's always something left off from the new system and it's always something "critical." I've spent countless hours chasing down legacy software, searching for old documentation, and begging the local software hoarder for media to reinstall some essential program that no one supports anymore and that we possibly never had a legitimate license for. I digress.

You can scan for many types of rootkits and detect certain log deletions using chkrootkit. While it doesn't remove any infected files, it does specifically tell you which ones are infected, so that you can remove/reinstall/repair the file or package.

Follow the simple procedure below to download, install, and scan your system using chkrootkit. Use sudo or su to root.

yum update

yum install wget gcc-c++ glibc-static

wget -c ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz

tar –zxvf chkrootkit.tar.gz

mkdir /usr/local/chkrootkit

mv chkrootkit-0.xx/* /usr/local/chkrootkit

cd /usr/local/chkrootkit

make sense

<< compile output >>


ROOTDIR is /' Checkingamd'... not found
Checking basename'... not infected Checkingbiff'... not found
Checking chfn'... not infected Checkingchsh'... not infected
Checking cron'... not infected Checkingcrontab'... not infected
Checking date'... not infected Checkingdu'... not infected
Checking dirname'... not infected Checkingecho'... not infected
<< more output >>

Thanked by [1] : AlphaRacks

Shared Hosting | VPS Servers | Dedicated Servers

Ankesh Anand
CloudMate Softwares
Managing Director

Sign In or Register to comment.