Detect and eliminate rootkits in our system


We have already spoken on several occasions about rootkits, and about security in general. This time we are going to focus on how to detect and eliminate them. First of all, for those who do not know what a rootkit is: it is malware consisting of a program or set of malicious programs that disguise themselves in order to carry out unwanted tasks without the user's consent.

Well, in Unix environments, and of course in Linux, you can find a multitude of antivirus and other specific tools to eliminate this type of malware. The most famous are chkrootkit and rkhunter, which will sound familiar because we have also talked about them on numerous occasions on this blog. Both act in a similar way and, since neither of them runs in the background, they do not interfere with each other if both are installed.

Installation and use take only a couple of commands in both cases, nothing complicated. For example, to install them on Debian or a derivative, we just have to type the following:

sudo apt-get install chkrootkit

sudo apt-get install rkhunter

To use them (the man pages list more options for refining the analysis; note that the rkhunter line below lists the available tests rather than running a scan):

sudo chkrootkit
sudo rkhunter --list tests

In the case of rkhunter, before the first analysis it will be necessary to update the signature database with the --update option. There are also other options such as --check, --disable, etc., so I recommend that you check man rkhunter for more options.

Careful! There may be false positives, that is, the tools may flag possible rootkits that are not actually rootkits, so some of the threats they detect may not be real. It is usually a good idea to run both, because they do not tend to produce the same false positives, and by contrasting their results you can rule out a false alarm. In any case, before removing a suspected rootkit, search for information on Google so as not to delete important files.
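The following script is an added example, not part of the original post and not a tool shipped by either project. It wraps the steps above (update rkhunter's database, run both scanners sequentially, keep dated logs) and then compares what each tool flagged, so that items reported by both stand out from those reported by only one. It assumes the Debian package names used above, that the rkhunter options --update, --check, --sk (skip keypress) and --rwo (report warnings only) are available, and that chkrootkit marks positives with the word INFECTED while rkhunter prefixes findings with "Warning:". The sample log lines used to exercise the comparison are constructed for illustration.

```shell
#!/bin/sh
# Added example: run chkrootkit and rkhunter back to back and cross-check
# their findings. Not code from the original post or from either project.

LOGDIR="${LOGDIR:-/var/log/rootkit-scans}"

# Run both scanners (as root) and store dated logs. Neither tool runs in
# the background, so running them one after the other is safe.
run_scans() {
    stamp=$(date +%Y%m%d-%H%M%S)
    mkdir -p "$LOGDIR"
    rkhunter --update >/dev/null 2>&1 || echo "rkhunter --update failed" >&2
    chkrootkit > "$LOGDIR/chkrootkit-$stamp.log" 2>&1
    rkhunter --check --sk --rwo > "$LOGDIR/rkhunter-$stamp.log" 2>&1
    echo "$stamp"
}

# Names that chkrootkit reports as INFECTED, one per line, sorted.
# Assumed line format: Checking `name'... INFECTED
chk_flagged() {
    sed -n "s/^Checking \`\([^']*\)'.*INFECTED.*/\1/p" "$1" | sort -u
}

# Basenames of the first absolute path in each rkhunter warning line, sorted.
# Assumed line format: Warning: ... '/path/to/file' ...
rkh_flagged() {
    sed -n "s/^Warning:[^/]*\(\/[^ :']*\).*/\1/p" "$1" | sed 's#.*/##' | sort -u
}

# Print findings grouped by agreement: BOTH (investigate first),
# ONLY-chkrootkit and ONLY-rkhunter (possible false positives to verify).
compare_reports() {
    a=$(mktemp); b=$(mktemp)
    chk_flagged "$1" > "$a"
    rkh_flagged "$2" > "$b"
    comm -12 "$a" "$b" | sed 's/^/BOTH /'
    comm -23 "$a" "$b" | sed 's/^/ONLY-chkrootkit /'
    comm -13 "$a" "$b" | sed 's/^/ONLY-rkhunter /'
    rm -f "$a" "$b"
}

# Usage: sh scan.sh run   (needs root; scans and prints the comparison)
if [ "${1:-}" = "run" ]; then
    s=$(run_scans)
    compare_reports "$LOGDIR/chkrootkit-$s.log" "$LOGDIR/rkhunter-$s.log"
fi
```

Items under BOTH are the ones worth researching first; an entry that appears under only one tool is exactly the kind of finding the post says to double-check before deleting anything.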
