Root out rootkits

On the Trail

© Lead Image © silense, 123RF.com

© Lead Image © silense, 123RF.com

Article from Issue 180/2015
Author(s):

Detect rootkits, worms, and other malware with chkrootkit.

Sophisticated software can help you keep an eye out for malware, but by the time it's spotted, it's probably too late, costing you the time to repair and rebuild your system, as well as a loss of revenue if it's a production system. Chkrootkit is a proven, mature, and highly sophisticated tool that helps you detect a variety of malware in an ongoing process.

A True Story

A year or two after the turn of the millennium, I lost a server through the disastrous compromise of a popular web-based application. Thankfully, although the server was in use, there were no services on it that couldn't wait a few days before being restored.

The first clue that something was wrong was some strange filesystem behavior while logged in over SSH. I checked the Apache error logs, and – lo and behold – I found some output detailing a wget transaction. The wget file transfer was showing an illegitimate download from a nasty-looking URL.

[...]

Use Express-Checkout link below to read the full article (PDF).

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy Linux Magazine

SINGLE ISSUES
 
SUBSCRIPTIONS
 
TABLET & SMARTPHONE APPS
Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

  • chkrootkit

    Linux can be infected by rootkit malware that is hidden and hard to detect. The chkrootkit program can help find rootkit infections.

  • Expert Security Intro

    Internet intruders have many ingenious ways of escalating privileges and hiding their presence once they get inside your system. The best protection is to keep them out in the cold.

  • Host-Based IDS

    A host-based intrusion detection system is a simple but powerful tool for finding traces of an attacker's footprint.

  • Kernel Rootkits

    Rootkits allow attackers to take complete control of a computer. We describe the tricks intruders use to gain access to the Linux kernel and provide guidelines on hardening the kernel against such attacks.

  • Charly's Column – Whowatch

    For no particular reason, Charly occasionally patrols his server farm and hunts down attackers. He has put together a neat toolbox for this job.

comments powered by Disqus
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters

Support Our Work

Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.

Learn More

News