Rootkit
Tools compared: rkhunter VS Lynis
Rootkit Hunter (rkhunter) and Lynis are often seen as similar tools to find malware on Linux systems. Learn why they have a completely different goal.
Summary
The question about what the differences are between rkhunter and Lynis is showing up more and more. Time to share the purpose of both tools and show the difference in their usage. As the author of both tools, I should have done this nine years ago. So, with a little delay, here it is.
Rootkit Hunter
Written in 2003, rkhunter had the goal to detect malware on Linux and UNIX-based systems. The main target was rootkits, with an occasional detection mechanism for a common backdoor. The secondary target was promoting a few best practices, like disabling direct root logins via SSH.
Dealing with Linux Malware, Insights by the Author of rkhunter
Malicious software has plagued computers for more than 40 years, and most likely this threat will never stop. What should you know about it to protect yourself?
Summary
Malicious software has plagued computers for more than 40 years. It is hard to think this threat will ever stop. The Linux platform definitely has its share of malware, although many people have never experienced it firsthand. Let’s dive into this subject and discover why your system might actually be compromised at this very moment.
The types of malware
To understand the risks, you have to understand the threats and weaknesses. When we talk about malware, there are different families, each with its own threat and method of attack. The five most common families are:
Monitoring Linux Systems for Rootkits
Learn how to protect your Linux system against malware, such as implementing security measures like file integrity monitoring and malware scanning.
Summary
Learn how to protect your Linux system against malware, such as implementing security measures like file integrity monitoring, malware scanning, and consistent patch management.
Detecting Linux rootkits
In this article about intrusion detection we have a look at Linux rootkits, what they do and how to detect them.
Summary
Malware, or malicious software, is also an issue on Linux systems. Let’s have a look at this threat and what actions you can take.
What is a rootkit?
A rootkit is a set of tools with the goal of hiding its presence and continuing to provide system access to an attacker. The word rootkit comes from the root user, which is the administrator account on Linux systems and Unix clones. The kit refers to a toolkit, or a set of tools.