How do I detect rootkits in Linux?

by on December 19, 2006 · 0 comments· LAST UPDATED June 24, 2009

in , ,

This article talks about detecting rootkits in Linux.

A rootkit is a set of software tools intended to hide running processes, files or system data from the operating system and ultimately from real root user. They are used by crackers as well as commercial companies for copy protection (Sony BMG CD).

However rootkit is not just for Linux, they exist for Windows and other operating system too.

From the article:
A rootkit is a collection of tools a hacker installs on a victim computer after gaining initial access. It generally consists of network sniffers, log-cleaning scripts, and trojaned replacements of core system utilities such as ps, netstat, ifconfig, and killall.

Various ways of detecting rootkits in GNU/Linux



If you would like to be kept up to date with our posts, you can follow us on Twitter, Facebook, Google+, or even by subscribing to our RSS Feed.


{ 0 comments… add one now }

Leave a Comment

You can use these HTML tags and attributes for your code and commands: <strong> <em> <ol> <li> <u> <ul> <blockquote> <pre> <a href="" title="">
What is 15 + 9 ?
Please leave these two fields as-is:
Solve the simple math so we know that you are a human and not a bot.

Previous post:

Next post: