Rootkit

Dealing with Linux Malware, Insights by the Author of rkhunter

Malicious software plague computers for more than 40 years and most likely this threat will never stop. What should you know about it to protect yourself?

Summary of Dealing with Linux Malware, Insights by the Author of rkhunter

Malicious software plague computers for more than 40 years. It is hard to think this threat will ever stop. The Linux platform definitely has their share of malware, although many people never experienced it firsthand. Let’s dive into this subject and discover why your system might actually being compromised at this very moment. The types of malware To understand the risks, you have to understand the threats and weaknesses. When we talk about malware, there are different family types, each with their own threat and method of attack.

Read the full article…

Detecting Linux rootkits

In this post about intrusion detection we have a look at Linux rootkits, what they do and how to detect them. Linux rootkits are malicious pieces and should be detected as soon as possible.

Summary of Detecting Linux rootkits

Malware, or malicious software is also an issue on Linux systems. Let’s have a look into this threat and what actions you can take. What is a rootkit? A rootkit is a set of tools with the goal to hide its presence and to continue providing system access to an attacker. The word rootkit comes from the root user, which is the administrator account on Linux systems and Unix-clones. The kit refers to a toolkit, or a set of tools.

Read the full article…

Monitoring Linux Systems for Rootkits

To properly protect your system against malware systems should be monitored. Monitoring for rootkits and other forms of malware, will help with intrusion detection.

Summary of Monitoring Linux Systems for Rootkits

Detecting and preventing rootkits Rootkits are considered to be one of the most tricky pieces of malware. Usually they are loaded onto the system by exploiting weaknesses in software. Next phase is being installed and hide as good as possible, to prevent detection. We have a look at a few security measures you can take to prevent this kind of threat. System Protection Kernel The kernel is the brain of the software system and decides what should be executed by the central processing unit.

Read the full article…

Tools compared: rkhunter VS Lynis

Rootkit Hunter (rkhunter) and Lynis are often seen as similar tools to find malware on Linux systems. Learn why they have a completely different goal.

Summary of Tools compared: rkhunter VS Lynis

The question about what the differences are between rkhunter and Lynis is showing up more and more. Time to share the purpose of both and show the difference in its usage. As the author of both tools, I should have done this nine years ago. So with some little delay, here it is. Rootkit Hunter Written in 2003, rkhunter had the goal to detect malware on Linux and UNIX-based systems. The main target was rootkits, with an occasional detection mechanism for a common backdoor.

Read the full article…