Linux Magazine: Finding Rootkits, Infections, and Files
Jul 11, 2004, 09:00
(Other stories by Jeremy Garcia)
"Last month's 'Tech Support' showed you how to monitor
filesystem changes with Tripwire, a handy system utility that
alerts you to all filesystem changes. Like SNORT and others,
Tripwire's just one of many practical security measures that mind
your system 24/7.
"Another sentry tool is chkrootkit, a free utility that can
detect rootkits, loadable kernel modules, worms, and other
nefarious cracker tools. (A rootkit is a collection of tools used
to mask intrusion, obtain administrator-level access, and install a
backdoor on a target computer. A loadable kernel module, or LKM, is
a piece of code that's loaded directly into the Linux kernel.)
chkrootkit uses digital signatures to detect over fifty known
rootkits and LKMs. It also uses some simple heuristics--looking for
hidden processes, hidden directories, and a few other simple
checks--to attempt to detect unknown kits..."
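The hidden-process heuristic the excerpt mentions, as an added example that is not chkrootkit's own code: it rebuilds the idea behind chkrootkit's chkproc check on Linux, assuming Python 3.9 or later and a procps-style `ps`; the function names are mine.

```python
"""Hidden-process heuristic in the spirit of chkrootkit's chkproc check (Linux).
Three views of the process table are compared: direct os.kill(pid, 0) probes for
every id up to kernel.pid_max, the readdir() view of /proc (including each
/proc/<pid>/task, because kill() also answers for thread ids), and `ps -eL`.
An id the kernel confirms but a listing omits is reported: LKM rootkits commonly
hide processes by filtering getdents() on /proc, which is what ps relies on too.
A kit that also hooks kill() defeats this single check, hence the other checks."""
import os
import subprocess

def pids_from_ps(ps_output: str) -> set[int]:
    """Collect every ps output line whose first field is a number (headers skipped)."""
    return {int(f[0]) for f in map(str.split, ps_output.splitlines())
            if f and f[0].isdigit()}

def probe_pid(pid: int) -> bool:
    """Ask the kernel directly; EPERM still proves the id exists."""
    try:
        os.kill(pid, 0)
    except PermissionError:
        return True
    except ProcessLookupError:
        return False
    return True

def hidden_pids(probed: set[int], listed: set[int], ps_pids: set[int]) -> dict[int, list[str]]:
    """Map each kernel-confirmed id to the views it is missing from ({} means clean)."""
    views = (("/proc readdir", listed), ("ps -eL", ps_pids))
    findings = {pid: [name for name, seen in views if pid not in seen] for pid in sorted(probed)}
    return {pid: missing for pid, missing in findings.items() if missing}

def proc_listing() -> set[int]:
    """Ids visible through readdir(): /proc/<pid> and /proc/<pid>/task/<tid>."""
    ids = set()
    for name in filter(str.isdigit, os.listdir("/proc")):
        ids.add(int(name))
        try:
            ids.update(int(t) for t in os.listdir(f"/proc/{name}/task"))
        except OSError:  # the process exited between the two listings
            pass
    return ids

def scan() -> dict[int, list[str]]:
    """Run the heuristic live; hits are re-probed so exited processes drop out."""
    with open("/proc/sys/kernel/pid_max") as fh:
        pid_max = int(fh.read())
    probed = {pid for pid in range(1, pid_max) if probe_pid(pid)}
    ps_out = subprocess.run(["ps", "-eL", "-o", "lwp="], capture_output=True, text=True).stdout
    suspects = hidden_pids(probed, proc_listing(), pids_from_ps(ps_out))
    return {pid: v for pid, v in suspects.items() if probe_pid(pid)}
```

Calling `scan()` as root returns an empty dict on a clean host; the probe loop walks every id up to pid_max, so it takes a few seconds.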