Rootkit Detection On Linux
What is a Rootkit?
A rootkit is a clandestine computer program designed to provide continued privileged access to a computer while actively hiding its presence. Rootkits are generally associated with malware, such as Trojans, worms, and viruses, that conceals its existence and actions from users and other system processes.
Install – apt-get install chkrootkit (comes pre-installed)
chkrootkit -h : help menu
chkrootkit: starts the checking process
Install – apt-get install rkhunter
rkhunter – help menu
rkhunter -c : checks local system
rkhunter --update : updates the rootkit database
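An added example, not part of the original page: shell helpers that reduce the output of the two scanners above to the lines that need follow-up. The function names and sample lines are constructed for illustration; `--sk` (skip keypress) and `--rwo` (report warnings only) are rkhunter options the page does not mention.

```shell
#!/bin/sh
# Added example: triage helpers for chkrootkit / rkhunter output.

# Keep only chkrootkit result lines flagged INFECTED (reads stdin).
chkrootkit_findings() { grep 'INFECTED' || true; }

# Keep only rkhunter warning lines (reads stdin).
rkhunter_findings() { grep -E '^Warning:|\[ Warning \]' || true; }

# Count lines on stdin, without the padding some wc builds add.
count_lines() { wc -l | tr -d ' '; }

# Run both scanners unattended; return non-zero if either reports anything.
# Needs root and both tools installed. Defined here, not executed on load.
scan_host() {
    c=$(chkrootkit 2>/dev/null | chkrootkit_findings)
    r=$(rkhunter -c --sk --rwo 2>/dev/null | rkhunter_findings)
    if [ -n "$c" ]; then printf 'chkrootkit:\n%s\n' "$c"; fi
    if [ -n "$r" ]; then printf 'rkhunter:\n%s\n' "$r"; fi
    [ -z "$c$r" ]
}

# Constructed sample output, used to exercise the filters offline.
sample_chkrootkit() {
cat <<'EOF'
Checking `amd'... not found
Checking `ls'... not infected
Checking `bindshell'... INFECTED (PORTS:  465)
Checking `lkm'... chkproc: nothing detected
EOF
}

sample_rkhunter() {
cat <<'EOF'
Warning: The command '/usr/bin/example' has been replaced by a script
Warning: Hidden directory found: /dev/.example
System checks summary
EOF
}
```

Both tools produce false positives, so treat each reported line as a lead to verify against package checksums or a known-good baseline rather than as proof of compromise.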