Linux Rootkit Hunter and Unhide Utility (scanners)

Found this “Linux Rootkit Hunter” and gave it a go – works well enough and worth running on some systems.

Rootkit scanner is a scanning tool that ensures you are about 99.9%* clean of nasty tools. It scans for rootkits, backdoors and local exploits by running tests like:

– MD5 hash compare
– Look for default files used by rootkits
– Wrong file permissions for binaries
– Look for suspected strings in LKM and KLD modules
– Look for hidden files
– Optional scan within plaintext and binary files

Rootkit Hunter is released as a GPL-licensed project and is free for everyone to use.

See the website for more info and download:
http://www.rootkit.nl/projects/rootkit_hunter.html

This site runs through the install and operation:
http://linuxserverguide.wordpress.com/2009/09/06/rkhunter-installation

Linux Detecting / Checking Rootkits with Chkrootkit and rkhunter Software:
http://www.cyberciti.biz/faq/howto-check-linux-rootkist-with-detectors-software/

Unhide:

Unhide is a forensic tool to find processes and TCP/UDP ports hidden by rootkits / LKMs or by another hiding technique.
You can install it from most repos; on Debian/Ubuntu, install it with apt-get install unhide

To use the tool:

sudo unhide-linux26 proc
sudo unhide-linux26 sys
sudo unhide-linux26 brute

It also has a TCP/UDP port scanner to check for hidden listening ports etc.

sudo unhide-tcp

For more info, see the developer's website: http://www.unhide-forensics.info
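
To show the kind of cross-check a hidden-process scan relies on, here is an added example in the spirit of the brute test: it compares the PIDs a directory listing of /proc returns with the PIDs that answer a direct lookup. It is not unhide's own code; the function names and the --scan switch are made up for this illustration, and it assumes a Linux /proc layout.

```sh
#!/bin/sh
# Added example, not unhide's code. Assumes a Linux /proc layout.

# PIDs an ordinary directory listing of ROOT returns (the view ps-like tools see).
listed_pids() {
    for d in "$1"/[0-9]*; do
        name=${d##*/}
        case "$name" in *[!0-9]*) continue ;; esac
        [ -d "$d" ] && echo "$name"
    done
    return 0
}

# Read a PID list on stdin; print every PID in 1..MAX under ROOT that answers
# a direct lookup but is absent from that list.
unlisted_pids() {
    root=$1 max=$2 pid=0
    listed=" $(tr '\n' ' ') "
    while [ "$pid" -lt "$max" ]; do
        pid=$((pid + 1))
        [ -r "$root/$pid/status" ] || continue
        # Thread IDs also resolve under /proc but are never listed there;
        # only thread-group leaders (Tgid == PID) count as processes.
        tgid=$(sed -n 's/^Tgid:[[:space:]]*//p' "$root/$pid/status" 2>/dev/null) || tgid=
        [ "$tgid" = "$pid" ] || continue
        case "$listed" in *" $pid "*) ;; *) echo "$pid" ;; esac
    done
    return 0
}

# Live scan: a PID is reported only if it is still unlisted on a second pass,
# which filters out processes that merely started during the first pass.
if [ "${1:-}" = "--scan" ]; then
    max=$(cat /proc/sys/kernel/pid_max)
    first=$(listed_pids /proc | unlisted_pids /proc "$max")
    for p in $first; do
        listed_pids /proc | grep -qx "$p" && continue
        [ -r "/proc/$p/status" ] && echo "PID $p resolves in /proc but is not listed"
    done
fi
```

Run it as root with --scan; any PID it prints is worth a second look with unhide itself before drawing conclusions.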
