Search for rootkit malware with chkrootkit
Going the Extra Mile
Chkrootkit uses a handful of native commands (awk, cut, echo, egrep, etc.). If you believe that your system might be compromised, then the best option is to mount its disk onto a clean system for inspection. Do not trust executables on a compromised system. Rootkit writers know about chkrootkit and will attempt to infect those commands it uses.You can also run chkrootkit in “expert” mode, which provides you with a verbose output of its checks so that you can inspect what it finds for yourself. Chkrootkit runs from cron so that you can schedule a daily scan of your system and mail the output to your user account or to a shared account.
Summary
Chkrootkit has been around for more than 20 years and is still actively developed. It, like other security solutions, is not a panacea. It is simply a part of a layered approach to your overall security strategy. Exercise caution before relying too heavily on a single approach in your own networks. Getting a clean bill of health from a chkrootkit scan doesn’t mean that your system is clean or uninfected by malware. There are many different types of malware, and chkrootkit checks for a single type.
« Previous 1 2
Buy Linux Magazine
US / Canada
UK / Australia
Direct Download
Read full article as PDF:
News
-
GNOME 40 is Now Available on openSUSE
The rolling release edition of openSUSE, Tumbleweed, now offers the latest version of the GNOME desktop.
-
Apple M1 Hardware Support to be Merged into Linux Kernel 5.13
Linux users will be able to install their favorite distribution on Apple’s M1-based hardware.
-
KDE Launches the Qt 5 Patch Collection
To support and maintain a stable Qt 5 for KDE Gears and Frameworks, KDE will maintain a patch collection.
-
Linux Creator Warns Next Kernel Could be Delayed
Linus Torvalds has issued concern about the size of kernel 5.12 and possible delays for its release.
-
System76 Updates its Pangolin Laptop
System76 has released a much-anticipated AMD version of their most popular laptop, the Pangolin.
-
New Debian-Based Distribution Arrives on the Market
TelOS is a new Debian-based Linux distribution with a customized, touch-screen-ready KDE Plasma 5 desktop.
-
System76 Releases New Thelio Desktop
One of the most ardent supporters of open source hardware has released a new desktop machine for home or office.
-
Mageia 8 Now Available with Linux 5.10 LTS
The latest release of Mageia includes improved graphics support for both AMD and NVIDIA GPUs.
-
GNOME 40 Beta has been Released
Anyone looking to test the beta for the upcoming GNOME 40 release can now do so.
-
OpenMandriva Lx 4.2 has Arrived
The latest stable version of OpenMandriva has been released and offers the newest KDE desktop and ARM support.