chkrootkit
chkrootkit is a utility that checks for signs that a device is infected with a rootkit. It runs on Linux, FreeBSD, and OS X. It uses standard utilities such as awk, grep, netstat, cut, echo, and more to detect signatures that suggest rootkits. The standard use of chkrootkit should include an alternate path to trusted binaries (don’t trust binaries on a machine you are scanning), along with the path to the directory to be scanned.
Example usage: chkrootkit -p [path-to-trusted-binaries] -r [root-path-to-scan]
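One way to enforce the trusted-binaries advice before scanning a mounted filesystem, as an added example (not from the original post or the chkrootkit project). The names preflight, run_scan, TOOLS and CHKROOTKIT are hypothetical, and it assumes the suspect filesystem is mounted at a directory other than /.

```shell
#!/bin/sh
# Added example: preflight check for "chkrootkit -p <trusted> -r <root>".
# Assumption: TOOLS holds the utilities the page names; extend it to match
# the full list required by the chkrootkit version in use.
TOOLS="awk grep netstat cut echo"
# Assumption: path to a chkrootkit copy you trust (not one from the suspect disk).
CHKROOTKIT=${CHKROOTKIT:-chkrootkit}

# preflight TRUSTED_DIR SCAN_ROOT
# Returns 0 if the scan may proceed, 1 otherwise. Errors go to stderr.
# On success the resolved paths are left in $t (trusted) and $r (root).
preflight() {
    [ -d "$1" ] || { echo "trusted dir missing: $1" >&2; return 1; }
    [ -d "$2" ] || { echo "scan root missing: $2" >&2; return 1; }
    # Resolve symlinks so a link cannot hide that the "trusted" directory
    # actually lives on the filesystem being scanned.
    t=$(cd "$1" && pwd -P) || return 1
    r=$(cd "$2" && pwd -P) || return 1
    case "$t/" in
        "${r%/}"/*)
            echo "trusted dir $t is inside scan root $r" >&2
            return 1 ;;
    esac
    # Every helper must exist in the trusted directory and be executable,
    # otherwise a missing tool could be looked up somewhere untrusted.
    for tool in $TOOLS; do
        [ -x "$t/$tool" ] || { echo "missing trusted binary: $t/$tool" >&2; return 1; }
    done
    return 0
}

# run_scan TRUSTED_DIR SCAN_ROOT
# Runs chkrootkit only when the preflight checks pass.
run_scan() {
    preflight "$1" "$2" || return 1
    "$CHKROOTKIT" -p "$t" -r "$r"
}
```

Call it as run_scan followed by the trusted-binaries directory and the mount point of the filesystem under examination.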
rkhunter
rkhunter is another utility used to check for signs of rootkits on Unix-based systems. Usually, you will want to run the scan against a mounted filesystem, using a trusted set of binaries. In the example below, the --sk option means a keypress isn’t required after each test run.
Example usage: rkhunter -c --sk