February 2nd, 2006, 21:06 PM
Old and Cranky
How do I scan my Linux system for rootkits, worms, trojans, etc.?
Either with chkrootkit or with rkhunter.
Either install the package that comes with your distribution; on Debian you would run
apt-get install chkrootkit
or download the sources from www.chkrootkit.org and install manually:
wget --passive-ftp ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz
tar xvfz chkrootkit.tar.gz
Afterwards, you can move the chkrootkit directory somewhere else, e.g. /usr/local/chkrootkit:
mv chkrootkit-<version>/ /usr/local/chkrootkit
Now you can run chkrootkit manually:
(if you installed a chkrootkit package coming with your distribution, your chkrootkit might be somewhere else).
You can even run chkrootkit by a cron job and get the results emailed to you:
to create a cron job like this:
0 3 * * * (cd /usr/local/chkrootkit; ./chkrootkit 2>&1 | mail -s "chkrootkit output my server" firstname.lastname@example.org)
That would run chkrootkit every night at 3.00h.
Download the latest rkhunter sources from www.rootkit.nl:
tar xvfz rkhunter-1.2.7.tar.gz
This will install rkhunter to the directory /usr/local/rkhunter. Now run
to download the latest chkrootkit/trojan/worm signatures (you should do this regularly).
Now you can scan your system for malware by running
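Added example, not part of the original post or of chkrootkit itself: a wrapper for the nightly cron job above that mails the report only when a check flags something, so real findings are not buried in daily mail. The script name chkrootkit-mail.sh, the matched keywords and the sample output are assumptions constructed for this example.

```shell
#!/bin/sh
# Added example: mail the nightly chkrootkit report only when a check flags
# something. Directory and address are placeholders taken from the post.
CHKROOTKIT_DIR="${CHKROOTKIT_DIR:-/usr/local/chkrootkit}"
MAILTO="${MAILTO:-firstname.lastname@example.org}"

# Read chkrootkit output on stdin, print only the lines that need review.
# "INFECTED" is matched case-sensitively, so "not infected" is ignored.
# Treating "Vulnerable" and "Warning" lines as findings is this example's choice.
chkrootkit_findings() {
    grep -E 'INFECTED|Vulnerable|[Ww]arning' || true
}

# Constructed sample output, for trying the filter without running a scan.
sample_output() {
    cat <<'EOF'
Checking `ls'... not infected
Checking `amd'... not found
Checking `ifconfig'... INFECTED
Checking `chsh'... not tested
Checking `lkm'... Warning: Possible LKM Trojan installed
EOF
}

# Run the scan; mail findings plus the full report, or mail an error if the
# scanner is missing (a scan that silently stops running is itself a finding).
nightly_scan() {
    subject="chkrootkit on $(hostname)"
    if [ ! -x "$CHKROOTKIT_DIR/chkrootkit" ]; then
        echo "chkrootkit not executable in $CHKROOTKIT_DIR" |
            mail -s "$subject: scanner missing" "$MAILTO"
        return 1
    fi
    report=$(cd "$CHKROOTKIT_DIR" && ./chkrootkit 2>&1) || true
    findings=$(printf '%s\n' "$report" | chkrootkit_findings)
    if [ -n "$findings" ]; then
        printf 'Findings:\n%s\n\nFull output:\n%s\n' "$findings" "$report" |
            mail -s "$subject: findings" "$MAILTO"
    fi
}

# Only scan when called as "sh chkrootkit-mail.sh run" (e.g. from cron).
if [ "${1:-}" = "run" ]; then nightly_scan; fi
```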
February 6th, 2006, 09:55 AM
The question is do you really need to? Maybe.
February 6th, 2006, 13:30 PM
Old and Cranky
I think the danger isn't necessarily to the Linux box itself, but in its ability to become infected and possibly pass that on. Zombies and such, ya know... Always gotta have a good firewall at the very least.
February 16th, 2006, 02:35 AM
lokkit is also a good firewall and can be customised a lot. Clam AV can be a good antivirus!!! Just do a sudo about it.