SERV ZERO

rkhunter

“rkhunter (Rootkit Hunter) is a Unix-based tool that scans for rootkits, backdoors and possible local exploits. It does this by comparing SHA-1 hashes of important files with known good ones in online databases, searching for default directories (of rootkits), wrong permissions, hidden files, suspicious strings in kernel modules, and special tests for Linux and FreeBSD. rkhunter is notable due to its inclusion in popular operating systems (Fedora, Debian, etc.)”

• https://en.wikipedia.org/wiki/Rkhunter

• https://rkhunter.sourceforge.net/

chkrootkit

chkrootkit is a tool to locally check for signs of a rootkit. It contains:

• chkrootkit: shell script that checks system binaries for rootkit modification.
• ifpromisc.c: checks if the interface is in promiscuous mode.
• chklastlog.c: checks for lastlog deletions.
• chkwtmp.c: checks for wtmp deletions.
• check_wtmpx.c: checks for wtmpx deletions. (Solaris only)
• chkproc.c: checks for signs of LKM trojans.
• chkdirs.c: checks for signs of LKM trojans.
• strings.c: quick and dirty strings replacement.
• chkutmp.c: checks for utmp deletions.

Chkrootkit is named Top 10 Tools to Scan Linux Servers for Vulnerability and Malware by Cyber Security News.

• https://www.chkrootkit.org/

---

Filed under: Privacy/Security,Uncategorized - @ December 19, 2023 1:27 am