Linux security

Scan your Linux Ubuntu machine for rootkits or malware

Chkrootkit is an open source rootkit scanner for Linux systems. Rootkits are hard to detect software & programs that allow access to a computer where access it not allowed. They are used by hackers to access remote servers and steal data. A rootkit is a type of malware that is used to enable unauthorized access to a system. The chkrootkit is a command line tool for scanning system to detect the rootkits.
The installation and use of this tool is very easy and simple.

sudo apt update
sudo apt install -y chkrootkit
chkrootkit -V

Onc ethe tool is installed you can run it by issing simple command

sudo chkrootkit

However the output is very long so if you want to see output on your screen ONLY the warning and when INFECTED file is found you can use this switch in the command

sudo chkrootkit -q

As well you can filter out the output as:

sudo chkrootkit | grep 'INFECTED|Vulnerable'

Lastly if you have mail installed on your machine you can automate this in small shell script and let the output be emailed to you once completed on your machine.

#!/bin/sh
( /usr/bin/chkrootkit ) | grep 'INFECTED|Vulnerable' | /bin/mail -E -s 'chrootkit Daily Run (HOSTNAME)' YOUR@EMAIL.COM

Another very know tool is RkHunter – also very easy to install and configure on your machine

sudo apt install rkhunter
rkhunter -c

Also you can setup a cron job and let the scan send you every night report to your email

# crontab -e
0 3 * * * /usr/sbin/rkhunter -c 2>&1 | mail -s "rkhunter Reports of My Server" you@yourdomain.com

RkHunter (RootKit Hunter) is another open source, free tool for scanning backdoors, rootkits, and security vulnerabilities. It thoroughly inspects a system for security vulnerabilities.

Lastly we can use and install this excellent tool Lynis. Lynis is an open-source security auditing tool for UNIX derivatives like Linux, Mac OS, BSD, other Unix-based operating systems etc. Performing extensive health scan of systems that support System Hardening and Compliance Testing. An open-source software with GPL License. This tool also scans for general system information, vulnerable software packages, and configuration issues. It is useful for System Administrators, Auditors, Security Professionals.

sudo apt-get install lynis

Run the Lynis to perform a security audit:

sudo lynis audit system

Here is a short bash script to automate the scan with Lynis on your machine:

$ #!/bin/sh
AUDITOR="AUROMATED" DATE=$(date+%Y%m%d)
HOST=$(hostname) LOG_DIR="/var/log/lynis"
REPORT="$LOG_DIR/report-${HOST}.${DATE}" DATA ="$LOG_DIR/report-data-${HOST}.${DATE}.txt"
cd /usr/local/lynis
./lynis -c -auditor "${AUDITOR}" --cronjob > ${REPORT}
mv /var/log/lynis-report.dat ${DATA}
#End
$ lynis audit system --auditor "${AUDITOR}" --cronjob > ${REPORT}
# Move or save file to:
[-f /ar/log/lynis-report.dat ] then
mv /var/log/lynis-report.dat ${DATA}
fi

To know the updated details of the Lynis tool and see if the tool is in the latest version, run update info to get all the details relating to Lynis Tool.

sudo lynis --version
sudo lynis update info

Good book how to secure your Windows, Linux, IoT and cloud infrastructure .. if you are interested in this topic.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.