Rootkits are a form of malicious software whose purpose is to gain and retain root permissions while hiding their presence. This form of malware can be hard to detect. This series of articles provides insight into how rootkits work. With a better understanding, you can increase your chances of preventing and detecting them.

Tools compared: rkhunter VS Lynis

Rootkit Hunter and Lynis compared: The question about what the differences are between rkhunter and Lynis is showing up more and more. Time to share the purpose of both and show the difference in their usage. As the author of both tools, I should have done this nine years ago. So, with a little delay, here it is. Rootkit Hunter: Written in 2003, rkhunter had the goal of detecting malware on Linux and UNIX-based systems. The main target was rootkits, with […]

Dealing with Linux Malware, Insights by the Author of rkhunter

Linux Malware: Malicious software has plagued computers for more than 40 years. It is hard to think this threat will ever stop. The Linux platform definitely has its share of malware, although many people have never experienced it firsthand. Let’s dive into this subject and discover why your system might actually be compromised at this very moment. The types of malware: To understand the risks, you have to understand the threats and weaknesses. When we talk about malware, there are different family […]

Monitoring Linux Systems for Rootkits

Monitoring Linux Systems: Detecting and preventing rootkits. Rootkits are considered to be among the trickiest pieces of malware. Usually they are loaded onto the system by exploiting weaknesses in software. The next phase is to get installed and hide as well as possible, to prevent detection. We have a look at a few security measures you can take to prevent this kind of threat. System Protection: Kernel. The kernel is the brain of the software system and decides what […]

Detecting Linux rootkits

What is a rootkit? A rootkit is a set of tools with the goal of hiding its presence and continuing to provide system access to an attacker. The word rootkit comes from the root user, which is the administrator account on Linux systems and Unix clones. The kit refers to a toolkit, or a set of tools. Hiding by manipulation: The tools in the rootkit are typically altered binaries that provide an alternative truth. They will display everything a typical command would do, except those parts that […]