Rootkit detection on Linux


To fight rootkits on Linux we have a few simple tools:

  • chkrootkit
  • kjackal
  • rkhunter
  • ossec

Kjackal

Get the source from GitHub:

git clone https://github.com/dgoulet/kjackal

COMPILE:

# make

USAGE:

# insmod kjackal.ko
# dmesg

Kjackal prints the report in dmesg.

UNLOAD:

# rmmod kjackal


Source: https://github.com/dgoulet/kjackal

rkhunter

sudo apt-get install rkhunter

or

sudo dnf install rkhunter

or

sudo yum install rkhunter

Check the system (the data files are refreshed with --update, as in the cron entry below):

sudo rkhunter --check

Running rkhunter every day

As root:

crontab -e

   30 5 * * * /usr/local/bin/rkhunter --cronjob --update --rwo
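An added example, not code from the original post: a wrapper for the daily cron run above that keeps the report on disk, counts the warnings rkhunter printed, and exits non-zero when there were any, so the cron mail or a monitoring hook has something to act on. The paths in RKHUNTER and REPORT are assumptions (the cron line above uses /usr/local/bin/rkhunter; apt installs to /usr/bin/rkhunter), and SAMPLE_REPORT is constructed text in the shape of --rwo output, not a real scan.

```shell
#!/bin/sh
# Added example; RKHUNTER and REPORT are assumed paths, adjust for your system.
RKHUNTER="${RKHUNTER:-/usr/local/bin/rkhunter}"
REPORT="${REPORT:-/var/log/rkhunter-daily.log}"

# count_warnings: number of "Warning:" lines in --rwo output read from stdin.
# grep -c prints 0 and exits 1 when nothing matches, hence the "|| true".
count_warnings() {
    grep -c '^Warning:' || true
}

# changed_files: paths flagged by the file-properties check, one per line.
changed_files() {
    sed -n 's/^[[:space:]]*File: //p'
}

# run_daily: run the same command as the cron line, then summarise the report.
# Returns 0 when clean, 1 when warnings were reported, 2 when rkhunter is missing.
run_daily() {
    [ -x "$RKHUNTER" ] || { echo "rkhunter not found at $RKHUNTER" >&2; return 2; }
    # rkhunter's own exit status is not relied on; the report is parsed instead.
    "$RKHUNTER" --cronjob --update --rwo >"$REPORT" 2>&1 || true
    n=$(count_warnings <"$REPORT")
    if [ "$n" -eq 0 ]; then
        echo "rkhunter: no warnings ($REPORT)"
        return 0
    fi
    echo "rkhunter: $n warning(s), see $REPORT"
    changed_files <"$REPORT" | sed 's/^/  changed: /'
    return 1
}

# Constructed sample in the shape of --rwo output (not a real scan), used to
# exercise the parsers without running rkhunter.
SAMPLE_REPORT='Warning: The file properties have changed:
         File: /usr/bin/egrep
         Current hash: 0000 (constructed)
         Stored hash : ffff (constructed)
Warning: Suspicious file types found in /dev:
         /dev/shm/constructed.example: ASCII text'

# Invoke as "sh rkhunter-daily.sh run" from cron; with no argument nothing runs.
case "${1:-}" in
    run) run_daily ;;
esac
```

Point the cron entry at this script instead of rkhunter directly; cron mails the summary only when the script produces output, and the exit status can feed a monitoring check.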


Important links

  1. https://rootkit.nl/projects/rootkit_hunter.html
  2. http://www.chkrootkit.org/
  3. https://www.howtoforge.com/tutorial/how-to-scan-linux-for-malware-and-rootkits/
  4. https://github.com/dgoulet/kjackal
  5. http://ossec.github.io/