4 tools to scan a Linux server for malware and rootkits
Linux servers are under constant attack. A good firewall and regular updates add a layer of defence, but neither tells you whether something has already got in, so the system itself needs to be scanned regularly.
The tools presented here can identify viruses, malware, rootkits and other signs of malicious activity. You can run them as scheduled scans, for example every night, and have the report sent to your email address. Bear in mind that all of them run on the host they are checking: a rootkit that has already subverted the kernel can hide from a scanner on the same machine, so treat a clean result as one signal among others rather than as proof.
1- LMD - Linux Malware Detect
LMD (Linux Malware Detect) is an open source malware scanner for Linux, designed with shared hosting environments in mind but usable on any Linux system. It can use the ClamAV scanner engine for better scanning performance.
It keeps reports of current and previous scans, can send an email alert after each scan, and has many other useful functions.
2- ClamAV - Antivirus Software Toolkit
ClamAV is an open source, cross-platform antivirus engine for detecting viruses, trojans and other malware. It is one of the best known free antivirus programs for Linux and the de facto open source standard for mail gateway scanning, supporting almost all mail file formats.
Its virus databases can be updated on every supported platform, while on-access scanning is available only on Linux. It can also scan inside archives and compressed files in formats such as Zip, Tar, 7Zip and Rar, among many other features.
ClamAV can be installed using the following command on Debian-based systems.
$ sudo apt-get install clamav
On CentOS-based systems the package comes from the EPEL repository, so enable it first (as for rkhunter below) and then install ClamAV.
# yum -y update
# yum -y install epel-release
# yum -y install clamav
Once installed, update the signatures and scan a directory with the following commands.
# freshclam
# clamscan -r -i DIRECTORY
Where DIRECTORY is the location to scan. The -r option scans recursively and -i prints only the infected files. The exit status of clamscan is also useful in scripts: 0 means nothing was found, 1 means at least one file was flagged, and 2 means an error occurred.
3- Rkhunter - A Linux Rootkit Scanner
rkhunter (Rootkit Hunter) is a free, easy to use and well-known open source tool that scans POSIX-compatible systems such as Linux for rootkits, backdoors and local exploits. As the name implies, it is a rootkit hunter: it compares file hashes with known-good values, looks for the files and hidden directories typical of rootkits, and checks for wrong permissions on binaries, suspicious kernel modules and suspicious strings.
The rkhunter tool can be installed using the following commands on Ubuntu (first) and on CentOS-based systems (from the EPEL repository).
$ sudo apt install rkhunter
# yum install epel-release
# yum install rkhunter
To check your server with rkhunter, execute the following command. It pauses for a keypress between groups of tests; add --sk to skip that. Run rkhunter --update first to refresh its data files, and rkhunter --propupd after legitimate package upgrades so that changed binaries are not reported as warnings.
# rkhunter -c
To run rkhunter automatically every night, add the following cron entry, which runs at 3am and mails the report to your email address. Use --cronjob rather than plain -c: it implies -c and --sk and disables colours, so the job never waits for a keypress and the mail contains no escape codes. --report-warnings-only keeps the mail short. Check the real path of the binary with command -v rkhunter (the packages usually install it as /usr/bin/rkhunter, not /usr/sbin) and adjust the entry accordingly.
0 3 * * * /usr/sbin/rkhunter --cronjob --report-warnings-only 2>&1 | mail -s "rkhunter report for my server" you@yourdomain.com
4- Chkrootkit - A Linux Rootkit Scanner
Chkrootkit is another free and open source rootkit detector that locally searches a Unix-like system for signs of a rootkit. The chkrootkit package consists of a shell script that checks system binaries for rootkit modifications, plus a set of small programs that test for specific problems such as hidden processes, promiscuous network interfaces and tampered log files.
The chkrootkit tool can be installed using the following command on Debian-based systems.
$ sudo apt install chkrootkit
On CentOS-based systems there is no package, so build it from source using the following commands. The extracted directory name matches the downloaded version (0.52 at the time of writing); make sense is the build target defined in chkrootkit's Makefile.
# yum update
# yum install wget gcc-c++ glibc-static
# wget -c ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz
# tar -xzf chkrootkit.tar.gz
# mkdir /usr/local/chkrootkit
# mv chkrootkit-0.52/* /usr/local/chkrootkit
# cd /usr/local/chkrootkit
# make sense
To check your server with chkrootkit, execute one of the following commands, depending on whether it was installed from the package or from source.
$ sudo chkrootkit
OR
# /usr/local/chkrootkit/chkrootkit
Once executed, it checks the system for known malware and rootkits and, when the process has finished, prints a summary. Positive results are marked INFECTED, so a quick grep for that word is enough to find them; the -q option prints only the suspicious results and nothing for clean tests.
To run chkrootkit automatically every night, add the following cron entry, which runs at 3am and mails the report to your email address. The path below is the one used by the Debian package; for a source build use /usr/local/chkrootkit/chkrootkit instead.
0 3 * * * /usr/sbin/chkrootkit 2>&1 | mail -s "chkrootkit report for my server" you@yourdomain.com
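The three cron entries above each mail a full scan log every night, and the rkhunter and chkrootkit entries send the same mail whether or not anything was found. The script below, an added example that is not part of ClamAV, rkhunter or chkrootkit, combines the ClamAV scan and the two rootkit checks into one job: it uses the clamscan exit status instead of grepping its output, runs rkhunter with --cronjob so it cannot hang on a keypress, filters the rootkit checkers down to their Warning/INFECTED lines, and marks the mail subject [ALERT] only when a scanner found something. The script name, the REPORT_TO address, the SCAN_DIRS list and the two sample outputs are assumptions for illustration; the samples are constructed, not captured from a real scan, and a working mail command is assumed for the --run mode.

```shell
#!/bin/sh
# nightly-scan.sh: one cron job that runs the scanners above and mails a
# report. Added example, not shipped with ClamAV, rkhunter or chkrootkit.
# Assumptions: the tools are on PATH where installed, a working `mail`
# command, and placeholder values for REPORT_TO and SCAN_DIRS.
set -u

REPORT_TO="${REPORT_TO:-you@yourdomain.com}"     # placeholder address
SCAN_DIRS="${SCAN_DIRS:-/home /var/www /tmp}"    # placeholder targets
HOST=$(hostname 2>/dev/null || echo unknown-host)

# Constructed sample outputs (not from a real scan) for --demo and tests.
SAMPLE_CLAM='/tmp/eicar.com: Win.Test.EICAR_HDB-1 FOUND

----------- SCAN SUMMARY -----------
Scanned files: 120
Infected files: 1'
SAMPLE_RKH='Warning: Suspicious file types found in /dev:
Checking for hidden files and directories [ OK ]'

# clamscan exit status: 0 = nothing found, 1 = infected file(s), 2 = error.
clamscan_verdict() {
    case "$1" in
        0) echo clean ;;
        1) echo infected ;;
        *) echo error ;;
    esac
}

# Read "Infected files: N" from clamscan's summary block; prints 0 when
# the summary is absent (scan aborted before it was written).
count_infected() {
    n=$(printf '%s\n' "$1" | sed -n 's/^Infected files: *\([0-9][0-9]*\).*/\1/p' | head -n 1)
    echo "${n:-0}"
}

# Keep only the lines from rkhunter/chkrootkit output that an operator
# must read; empty output means nothing to report.
extract_findings() {
    printf '%s\n' "$1" | grep -E 'Warning:|INFECTED|Possible rootkit' || true
}

# Run every scanner that is installed. Prints the report; returns 1 when
# something needs attention, 0 when all scanners came back clean.
run_scans() {
    alert=0
    body="Nightly scan report for $HOST, $(date)"
    if command -v clamscan >/dev/null 2>&1; then
        freshclam --quiet 2>/dev/null || body="$body
[clamav] signature update failed, scanned with the existing database"
        out=$(clamscan -r -i $SCAN_DIRS 2>&1)    # unquoted on purpose
        rc=$?
        verdict=$(clamscan_verdict "$rc")
        body="$body
[clamav] $verdict, infected files: $(count_infected "$out")"
        [ "$verdict" = clean ] || { alert=1; body="$body
$out"; }
    fi
    if command -v rkhunter >/dev/null 2>&1; then
        # --cronjob implies -c and --sk and disables colours: no keypress wait
        out=$(rkhunter --cronjob --report-warnings-only 2>&1)
        f=$(extract_findings "$out")
        [ -z "$f" ] || { alert=1; body="$body
[rkhunter]
$f"; }
    fi
    if command -v chkrootkit >/dev/null 2>&1; then
        out=$(chkrootkit -q 2>&1)                 # -q: only suspicious results
        f=$(extract_findings "$out")
        [ -z "$f" ] || { alert=1; body="$body
[chkrootkit]
$f"; }
    fi
    printf '%s\n' "$body"
    return "$alert"
}

# Mail every night so a job that silently stops is noticed, but mark the
# subject so real findings can be filtered from routine "clean" mails.
main() {
    if report=$(run_scans); then subject="[clean] scan report for $HOST"
    else subject="[ALERT] scan findings on $HOST"; fi
    printf '%s\n' "$report" | mail -s "$subject" "$REPORT_TO"
}

demo() {   # exercise the helpers on the constructed samples, no scanners needed
    echo "clamscan rc=1 -> $(clamscan_verdict 1), infected=$(count_infected "$SAMPLE_CLAM")"
    echo "rkhunter findings:"; extract_findings "$SAMPLE_RKH"
}

case "${1:-}" in
    --run)  main ;;    # cron: 0 3 * * * /usr/local/sbin/nightly-scan.sh --run
    --demo) demo ;;
esac
```

Install it as root-only (mode 0700) and schedule a single cron entry with --run in place of the three separate ones; --demo runs the parsing helpers against the constructed samples without touching any scanner, which is a convenient way to confirm the script works before putting it in cron. Because the script, like the scanners, runs on the host being checked, keep the mail going to a mailbox off that server so an attacker who cleans up locally cannot also erase the report.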