GNU/Linux is a very secure and stable operating system, which is why it runs on many servers and many computers. However, that security does not make it proof against malware or rootkits, which can infect our operating system or compromise our security.
That is why we need quite a few tools to detect these security holes and take action on them. In many cases, we will find these tools in the official repositories of our distribution and on other occasions we will need to make use of shareware or trial software.
Rootkits
First we are going to detect rootkits. This kind of software is becoming more and more common on both personal and not-so-personal computers. On GNU/Linux we have a tool called chkrootkit. It is a powerful scanner for our operating system, but it does not fix rootkit problems, so once something is detected we have to check and resolve each finding one by one. chkrootkit can also produce false positives, minor errors that may occur, so it is recommended to review the alerts it reports one by one.
To install chkrootkit, type the following in the terminal (or the equivalent command for your distribution's package manager):
sudo apt-get install chkrootkit
And to run the program, we just have to write the following:
sudo chkrootkit
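The one-by-one review of chkrootkit alerts described above can be made repeatable by comparing each scan against a list of alerts already reviewed and judged false positives. The script below is an added example, not part of the original article or of chkrootkit; the function names, the list of clean verdict strings, the sample output and the baseline path are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example, not part of chkrootkit or the article.
# Real use (baseline path is hypothetical):
#   sudo chkrootkit | new_findings /root/chkrootkit.reviewed

# Verdicts treated as clean. ASSUMPTION: they match what your chkrootkit
# version prints; any line not ending in one of them is kept for review.
CLEAN='(not infected|not found|nothing found|nothing detected|nothing deleted|not tested)$'

# stdin: raw chkrootkit output. stdout: lines that need a human look.
# PIDs such as dhclient[1234] change on every run, so they are masked to
# keep a reviewed alert comparable between scans.
findings() {
    grep -Ev "$CLEAN" | grep -v '^[[:space:]]*$' |
        sed -E 's/\[[0-9]+\]/[PID]/g' | sort -u
}

# stdin: raw output; $1: file of alerts already reviewed and accepted
# (build it from the output of findings). Prints only alerts missing from
# the baseline; exit status 0 means at least one new alert was printed.
# An unreadable baseline suppresses nothing.
new_findings() {
    if [ -r "$1" ]; then
        findings | grep -Fxv -f "$1"
    else
        findings | grep .
    fi
}

# Constructed sample output, not captured from a real system.
sample_scan() {
cat <<'EOF'
Checking `amd'... not found
Checking `ls'... not infected
Checking `bindshell'... INFECTED (PORTS:  465)
Checking `sniffer'... eth0: PACKET SNIFFER(/sbin/dhclient[1234])
Searching for suspicious files and dirs, it may take a while... nothing found
Checking `lkm'... chkproc: nothing detected
EOF
}

# Constructed scenario: the port 465 alert was reviewed earlier.
demo() {
    baseline=$(mktemp)
    echo "Checking \`bindshell'... INFECTED (PORTS:  465)" > "$baseline"
    sample_scan | new_findings "$baseline"; status=$?
    rm -f "$baseline"; return "$status"
}
demo
```

An alert belongs in the baseline only after it has been investigated; anything the filter does not recognise as clean is shown, so an unfamiliar verdict string results in extra review rather than a missed alert.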
Malware
The case of malware is more problematic, because we need an external tool to find out whether our computer has malware or not. In this case we are going to use the ISPProtect tool. ISPProtect is paid software with a free version that we can use to find out whether we have malware or not. To install it, we open the terminal and type the following:
sudo apt-get install php-cli
sudo mkdir -p /usr/local/ispprotect
sudo chown -R root:root /usr/local/ispprotect
sudo chmod -R 750 /usr/local/ispprotect
# The directory is accessible to root only, so download and unpack using full paths
# Note: this URL is plain HTTP, so the download is not protected in transit
sudo wget -O /usr/local/ispprotect/ispp_scan.tar.gz http://www.ispprotect.com/download/ispp_scan.tar.gz
sudo tar xzf /usr/local/ispprotect/ispp_scan.tar.gz -C /usr/local/ispprotect
sudo rm -f /usr/local/ispprotect/ispp_scan.tar.gz
sudo ln -s /usr/local/ispprotect/ispp_scan /usr/local/bin/ispp_scan
Ubuntu was used here, but the same steps work on any distribution; we just have to replace the apt-get package manager with the corresponding package manager.
ISPProtect is a paid tool, but its trial version can be very effective. And if we want a professional analysis, we can always pay for the license and get that service.
Conclusion
These tools are simple and quick to install, something necessary for the security of our operating system. There are also other alternatives, but either they do not meet all the requirements or they are very complex. In any case, they are two very good tools to start checking the security of our operating system. Don't you think?
Please stop calling Ubuntu Linux, because there is more to life apart from Ubuntu. I am fed up with Ubuntu, and since I have had Manjaro there is no comparison: it is super fluid, it is robust and super easy to use, and there is no need to go to the terminal for anything. What bothers me is that the title talks about Linux, but then the article only talks about Ubuntu, as if it were the only Linux that exists.
If we are going to call things by their name -which seems correct to me-, it is not Linux but GNU / Linux. Linux is the core of the system, which can be replaced by another. Android uses the Linux kernel but nobody calls it that.
Manjaro is one of the worst distros I've ever tried ...
And if it detects a rootkit or malware, what do I do?
Very interesting article. apt-get is found in all Debian-based distros. If you don't want to use the terminal, from what I see, all actions can be done in X; although I confess that using the terminal is the best.
@mlpbcn
Well, I have tried to install Manjaro and in my case I did not get past the first screen. It does not load in live mode. At least with Ubuntu and other distributions that does not happen.