Malware on Linux is growing, and rootkits have long been a problem for *nix systems. It is not true that *nix systems do not need antivirus software or can neglect security; anyone who thinks so is very wrong. Although they are safer and their configuration options allow us to harden them better, we must not neglect security, since doing so leaves us vulnerable.
For this reason, we present three good tools to remove malware and rootkits from our Linux distro. These three projects will help us keep our system clean of threats. One of these projects is chkrootkit, a command-line tool that will help us detect rootkits. Another is Lynis, a good security auditing tool that also acts as a rootkit scanner. Finally, we will see ISPProtect, a scanner for web servers that will help us scan for malware.
To install chkrootkit we do the following:
wget --passive-ftp ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz
tar xvfz chkrootkit.tar.gz
cd chkrootkit-*/
make sense
cd ..
mv chkrootkit-<version>/ /usr/local/chkrootkit
ln -s /usr/local/chkrootkit/chkrootkit /usr/local/bin/chkrootkit
To use it, just run:
chkrootkit
The other tool is Lynis, as we have said. To install it:
cd /tmp
wget https://cisofy.com/files/lynis-2.1.1.tar.gz
tar xvfz lynis-2.1.1.tar.gz
mv lynis /usr/local/
ln -s /usr/local/lynis/lynis /usr/local/bin/lynis
lynis update info
Now we can use it to audit our system:
lynis audit system
Lastly, the ISPProtect web tool requires PHP to be installed on our computer beforehand; if we do not already have it, install it first:
mkdir -p /usr/local/ispprotect
chown -R root:root /usr/local/ispprotect
chmod -R 750 /usr/local/ispprotect
cd /usr/local/ispprotect
wget http://www.ispprotect.com/download/ispp_scan.tar.gz
tar xzf ispp_scan.tar.gz
rm -f ispp_scan.tar.gz
ln -s /usr/local/ispprotect/ispp_scan /usr/local/bin/ispp_scan
This last tool is especially good for scanning computers that act as servers. To use it:
ispp_scan
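Both chkrootkit and Lynis print a lot of output, so the following added example (not part of the original article or of either project) shows one way to pull out only the findings from a saved chkrootkit log and a Lynis report file. It assumes chkrootkit's usual "Checking `name'... result" lines and the key=value layout of the Lynis report, which Lynis writes to /var/log/lynis-report.dat by default; the function names and sample data are made up for illustration.

```shell
#!/bin/sh
# Added example: triage saved chkrootkit and Lynis output.
# Assumed formats: chkrootkit prints "Checking `name'... <result>" per test;
# the Lynis report has lines like warning[]=ID|text|... and hardening_index=N.

# Names of chkrootkit tests reported as INFECTED ("not infected" is lowercase).
chkrootkit_infected() {
    awk '/^Checking .*INFECTED/ { split($0, p, /[`\047]/); print p[2] }' "$1"
}

# Lynis warnings as "TEST-ID: message" (suggestions are ignored).
lynis_warnings() {
    sed -n 's/^warning\[\]=\([^|]*\)|\([^|]*\).*/\1: \2/p' "$1"
}

# Lynis hardening index (0-100).
lynis_hardening_index() {
    sed -n 's/^hardening_index=//p' "$1"
}

# Print a summary; return 0 only when neither tool flagged anything.
triage() {
    infected=$(chkrootkit_infected "$1")
    warnings=$(lynis_warnings "$2")
    echo "hardening index: $(lynis_hardening_index "$2")"
    if [ -n "$infected" ]; then echo "chkrootkit INFECTED:"; echo "$infected"; fi
    if [ -n "$warnings" ]; then echo "lynis warnings:"; echo "$warnings"; fi
    [ -z "$infected" ] && [ -z "$warnings" ]
}

# Constructed sample data (not real scan results, test IDs are invented).
tmp=$(mktemp -d)
cat > "$tmp/chkrootkit.log" <<'EOF'
Checking `amd'... not found
Checking `ifconfig'... not infected
Checking `bindshell'... INFECTED (PORTS:  465)
Checking `sniffer'... lo: not promisc and no packet sniffer sockets
EOF
cat > "$tmp/lynis-report.dat" <<'EOF'
hardening_index=62
warning[]=DEMO-0001|Root can directly login via SSH|-|-|
suggestion[]=DEMO-0002|Configure password aging limits|-|-|
EOF

triage "$tmp/chkrootkit.log" "$tmp/lynis-report.dat" || echo "review needed"
```

On a real system, save the scan first with `chkrootkit > chkrootkit.log` and pass that file together with the Lynis report path to `triage`.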