How do I detect rootkits in Linux?
This article talks about detecting rootkits in Linux.
A rootkit is a set of software tools intended to hide running processes, files or system data from the operating system and ultimately from real root user. They are used by crackers as well as commercial companies for copy protection (Sony BMG CD).
However rootkit is not just for Linux, they exist for Windows and other operating system too.
From the article:
A rootkit is a collection of tools a hacker installs on a victim computer after gaining initial access. It generally consists of network sniffers, log-cleaning scripts, and trojaned replacements of core system utilities such as ps, netstat, ifconfig, and killall.
Various ways of detecting rootkits in GNU/Linux
You may also be interested in other helpful articles:
- Top Things Linux Admin Forgot To Do
- Linux Iptables Firewall: Log IP or TCP Packet Header
- nixCraft FAQ roundup
- How can I enable or setup log message in the iptables firewall?
- Lighttpd mod_rewrite Hotlink Protection To Display Image Message
Leave a Reply
We encourage your comments, and suggestions. But please stay on topic, be polite, and avoid spam. Thank you very much for stopping by our site!
Recent Comments
Today ~ 16 Comments
Today ~ 5 Comments
Today ~ 20 Comments
Today ~ 35 Comments
Today ~ 13 Comments