https://pandorawiki.org/index.php?action=history&feed=atom&title=Software_projects%2FOS%2FSlackware%2FAdvanced_usage%2FRootkit_scannersSoftware projects/OS/Slackware/Advanced usage/Rootkit scanners - Revision history2026-05-03T12:58:31ZRevision history for this page on the wikiMediaWiki 1.32.0-alphahttps://pandorawiki.org/index.php?title=Software_projects/OS/Slackware/Advanced_usage/Rootkit_scanners&diff=26299&oldid=prevLinux-SWAT: /* Something to know */2012-11-08T11:23:24Z<p><span dir="auto"><span class="autocomment">Something to know</span></span></p>
<table class="diff diff-contentalign-left" data-mw="interface">
<col class="diff-marker" />
<col class="diff-content" />
<col class="diff-marker" />
<col class="diff-content" />
<tr class="diff-title" lang="en">
<td colspan="2" style="background-color: #fff; color: #222; text-align: center;">← Older revision</td>
<td colspan="2" style="background-color: #fff; color: #222; text-align: center;">Revision as of 11:23, 8 November 2012</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l7" >Line 7:</td>
<td colspan="2" class="diff-lineno">Line 7:</td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>= Something to know =</div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>= Something to know =</div></td></tr>
<tr><td class='diff-marker'>−</td><td style="color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>* It's a pretty bad idea to run a self-test on a machine, because if it's already compromised, security tools may also have been hacked.</div></td><td class='diff-marker'>+</td><td style="color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>* It's a pretty bad idea to run a self-test on a machine, because if it's already compromised, <ins class="diffchange diffchange-inline">embedded </ins>security tools may also have been hacked.</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>* The best option is to check the target drive (the suspicious one) on a clean machine. This target drive SHOULD be mounted as read-only.</div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>* The best option is to check the target drive (the suspicious one) on a clean machine. This target drive SHOULD be mounted as read-only.</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"></td></tr>
</table>Linux-SWAThttps://pandorawiki.org/index.php?title=Software_projects/OS/Slackware/Advanced_usage/Rootkit_scanners&diff=26298&oldid=prevLinux-SWAT at 11:22, 8 November 20122012-11-08T11:22:47Z<p></p>
<table class="diff diff-contentalign-left" data-mw="interface">
<col class="diff-marker" />
<col class="diff-content" />
<col class="diff-marker" />
<col class="diff-content" />
<tr class="diff-title" lang="en">
<td colspan="2" style="background-color: #fff; color: #222; text-align: center;">← Older revision</td>
<td colspan="2" style="background-color: #fff; color: #222; text-align: center;">Revision as of 11:22, 8 November 2012</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l12" >Line 12:</td>
<td colspan="2" class="diff-lineno">Line 12:</td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>= The Pandora way =</div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>= The Pandora way =</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>* So to check a SD card, or a USB drive, don't use Xfce, as it will automount as read-write the target drive.</div></td><td class='diff-marker'> </td><td style="background-color: #f8f9fa; color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>* So to check a SD card, or a USB drive, don't use Xfce, as it will automount as read-write the target drive.</div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;"></ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;">= Note =</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color: #222; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;">* During a scan, you will likely encounter false positives (false warnings). This can be harmless. Don't blindly stress, keep cool, and analyze the results.</ins></div></td></tr>
</table>Linux-SWAThttps://pandorawiki.org/index.php?title=Software_projects/OS/Slackware/Advanced_usage/Rootkit_scanners&diff=26296&oldid=prevLinux-SWAT: Created page with "= What is a rootkit ? = * Check the Wikipedia definition [http://en.wikipedia.org/wiki/Rootkit here]. = How to scan them ? = * I ship two tools for this purpose: chkrootkit a..."2012-11-08T11:13:17Z<p>Created page with "= What is a rootkit ? = * Check the Wikipedia definition [http://en.wikipedia.org/wiki/Rootkit here]. = How to scan them ? = * I ship two tools for this purpose: chkrootkit a..."</p>
<p><b>New page</b></p><div>= What is a rootkit ? =<br />
* Check the Wikipedia definition [http://en.wikipedia.org/wiki/Rootkit here].<br />
<br />
= How to scan them ? =<br />
* I ship two tools for this purpose: chkrootkit and rkhunter.<br />
* Their utilization is pretty simple, and i'll let you read their man pages.<br />
<br />
= Something to know =<br />
* It's a pretty bad idea to run a self-test on a machine, because if it's already compromised, security tools may also have been hacked.<br />
* The best option is to check the target drive (the suspicious one) on a clean machine. This target drive SHOULD be mounted as read-only.<br />
<br />
= The Pandora way =<br />
* So to check a SD card, or a USB drive, don't use Xfce, as it will automount as read-write the target drive.</div>Linux-SWAT