Detecting Linux rootkits

In this post about intrusion detection we have a look at Linux rootkits, what they do and how to detect them. Linux rootkits are malicious pieces and should be detected as soon as possible.


Malware, or malicious software is also an issue on Linux systems. Let’s have a look into this threat and what actions you can take. What is a rootkit? A rootkit is a set of tools with the goal to hide its presence and to continue providing system access to an attacker. The word rootkit comes from the root user, which is the administrator account on Linux systems and Unix-clones. The kit refers to a toolkit, or a set of tools.

Auditing Linux processes: The Deep Dive!

In-depth article about auditing Linux processes. Determination of running processes, memory and on-disk structure and the proper tools for analyzing them.


From the initial start of the Linux operating system, the first processes are already born. In this article we have a look on dealing with processes. In particular we look at how to do process auditing. Whenever you are an auditor, system administrator or just a Linux enthusiast, you can’t ignore processes and should know how to deal with them. Process listing For most people working on Linux systems, it might be obvious to display running processes with ps.

How to deal with a compromised Linux system

Is your Linux system compromised or does it run suspicious processes? Learn how to investigate the system and create an action plan.


Learn the steps to take when you suspect that your Linux system is compromised.