Software projects/OS/Slackware/Advanced usage/Rootkit scanners

From Pandora Wiki

Revision as of 11:13, 8 November 2012 by Linux-SWAT (talk | contribs) (Created page with "= What is a rootkit ? = * Check the Wikipedia definition [http://en.wikipedia.org/wiki/Rootkit here]. = How to scan them ? = * I ship two tools for this purpose: chkrootkit a...")

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Jump to: navigation, search

Contents

1 What is a rootkit ?
2 How to scan them ?
3 Something to know
4 The Pandora way

What is a rootkit ?

Check the Wikipedia definition here.

How to scan them ?

I ship two tools for this purpose: chkrootkit and rkhunter.
Their utilization is pretty simple, and i'll let you read their man pages.

Something to know

It's a pretty bad idea to run a self-test on a machine, because if it's already compromised, security tools may also have been hacked.
The best option is to check the target drive (the suspicious one) on a clean machine. This target drive SHOULD be mounted as read-only.

The Pandora way

So to check a SD card, or a USB drive, don't use Xfce, as it will automount as read-write the target drive.

Retrieved from "https://pandorawiki.org/index.php?title=Software_projects/OS/Slackware/Advanced_usage/Rootkit_scanners&oldid=26296"

Navigation menu