Security: Anti-Rootkit Scanners for Linux ....
You can get the scanners listed below the intro at Linux software
repositiory (System > Ubuntu Software Center in Ubuntu)
How to scan your Linux-Distro for Root Kits | HowtoForge - Linux ...
12 posts - 1 author - Last post: May 10, 2006
How to scan your Linux-Distro for Root Kits. ... chkrootkit is a tool to
locally check for signs of a rootkit. It contains: ...http://www.howtoforge.com/scan_linux_for_rootkits
==========> ANTI-ROOTKIT SCANNERS FOR LINUX.....
The Rootkit Hunter project
Thanks to John Horne and all contributors who made this release possible
by providing code, submitting ideas, bugs, fixes, documentation, helping
out on the rkhunter ...
khunterhttp://www.linux.com/directory/Software ... er/details
Works With Distributions
* Red Hat Enterprise Linux
* SUSE Enterprise Linux
# Rootkit Hunter scans files and systems for known and unknown rootkits,
# backdoors, and sniffers. The package contains one shell script, a few
# text-based databases, and optional Perl modules. This tool scans for #
rootkits, backdoors, and local exploits by running tests like: # # *
Comparing MD5 hashes # # * Looking for default files used by rootkits #
# * Checking for wrong file permissions for binaries # # * Looking for
suspected strings in LKM and KLD modules # # * Looking for hidden files
# # * Optionally scanning within plain text and binary files # # *
Checking software versions # # * Testing applications # # Authors: #
-------- # Michael Boelen
chkrootkit -- locally checks for signs of a rootkit
Jul 30, 2009 ... chkrootkit: shell script that checks system binaries
for rootkit modification. ... chkrootkit has been tested on: Linux
2.0.x, 2.2.x, ...http://www.chkrootkit.org/
Unhide - The Open Source Forensic Toolhttp://www.unhide-forensics.info/
Unhide is a forensic tool to find processes and TCP/UDP ports hidden by
rootkits, Linux kernel modules or by other techniques. It includes two
utilities: unhide and unhide-tcp.
unhide detects hidden processes using three techniques:
# comparing the output of /proc and /bin/ps
# comparing the information gathered from /bin/ps with the one gathered
from system calls (syscall scanning)
# full scan of the process ID space (PIDs bruteforcing) unhide-tcp
identifies TCP/UDP ports that are listening but are not listed in
/bin/netstat through brute forcing of all TCP/UDP ports available.
@ This package can be used by rkhunter in its daily scans.