The Linux Threat: Rootkits and how to remove them

If you ever meet me in person and somehow get me onto the subject of Linux, you will always hear me bragging about how Linux is virus-proof. And to date, this is mostly true. Linux is free of 99.9% of viruses, but it does have Bliss, as well as a few other viruses written for it. Bliss is like the Linux version of Eicar, in that it has to be manually installed, and it even contains instructions on how to remove it right in its own official documentation. However, I stress: Linux is mostly virus-free. It is NOT, however, immune to rootkits, which are the most common way a Linux user will be infected with a malicious payload. Once infected, as with Windows rootkits, it is often hard to tell unless you run a scan. And because Linux is such a small market, where on Earth would you find a big-name vendor that supports Linux on such a wide scale? The truth is… nowhere. You have to use special tools, and today I'll show you how to use them to check whether you have any rootkits on your Linux computers.

chkrootkit 40 kb

chkrootkit simply needs to be downloaded and uncompressed from its archive; then open a terminal in the directory where you uncompressed it. If you uncompressed it to your home directory, you don't have to do much beyond opening the terminal. If it's uncompressed to a different location, use the cd command to change to the directory where you saved it. From there, simply type:

make sense
sudo ./chkrootkit

and it will go through and scan every file that might be infected. It doesn't take very long, no more than about ten or twenty seconds, but in that time it's checking every possible nook and cranny. Surprisingly enough, it's a good scanner, if a bit old. Seeing as most rootkits for Linux are old too, that's not much you'd have to worry about, to be honest.

Rootkit Hunter 215 kb

Barely a mouthful more than the last one, Rootkit Hunter offers the same kind of idea, but you must install it first. If it's in the repositories of your Linux OS, simply install it, then in the terminal, type as the sudo/root user:

rkhunter --update

to update it, then

sudo rkhunter --propupd --pkgmgr dpkg

if you’re using Debian, Ubuntu, or Mint Linux or

rkhunter --propupd --pkgmgr RPM

if you're using Fedora, Mandriva, or Red Hat. This updates rkhunter's file-properties database so that it matches the packages currently installed on your system. Finally, to run it, either run the Debian-based command, below:

sudo rkhunter --check --pkgmgr dpkg

or the Red Hat-based command, below.

rkhunter --check --pkgmgr rpm
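As an added example (not code from this post, nor from the chkrootkit or rkhunter projects), here is a small POSIX shell wrapper that ties together the chkrootkit and rkhunter steps from the two sections above and counts what each tool flags. CHKROOTKIT_DIR, the helper function names and the sample output lines are my own assumptions.

```sh
#!/bin/sh
# Added example, not from the post: run both scanners described above and
# summarise their results. Assumes chkrootkit was unpacked into CHKROOTKIT_DIR
# (default: ~/chkrootkit) and rkhunter is installed from your distro's repositories.
CHKROOTKIT_DIR="${CHKROOTKIT_DIR:-$HOME/chkrootkit}"

# Pick the value for rkhunter --pkgmgr from whichever package tool is present,
# so one script serves Debian/Ubuntu/Mint and Fedora/Red Hat alike.
detect_pkgmgr() {
    if command -v dpkg >/dev/null 2>&1; then echo dpkg
    elif command -v rpm >/dev/null 2>&1; then echo rpm
    else echo NONE
    fi
}

# chkrootkit prints "not infected" for a clean check and "INFECTED" for a hit;
# the match is case-sensitive, so clean lines are not counted.
count_infected() {
    printf '%s\n' "$1" | grep -c 'INFECTED' || true
}

# rkhunter tags each check it objects to with "[ Warning ]" on the console.
count_warnings() {
    printf '%s\n' "$1" | grep -c '\[ Warning \]' || true
}

run_scans() {
    pkgmgr=$(detect_pkgmgr)
    chk_out=$(cd "$CHKROOTKIT_DIR" && sudo ./chkrootkit 2>&1)
    sudo rkhunter --update >/dev/null 2>&1
    sudo rkhunter --propupd --pkgmgr "$pkgmgr" >/dev/null 2>&1
    rk_out=$(sudo rkhunter --check --sk --pkgmgr "$pkgmgr" 2>&1)  # --sk: no keypress prompts
    echo "chkrootkit INFECTED hits: $(count_infected "$chk_out")"
    echo "rkhunter warnings:        $(count_warnings "$rk_out")"
    # A hit is a lead, not a verdict: compare it against each tool's documented
    # false positives before removing anything.
}

# Constructed sample output (not real scan results) used to exercise the parsers.
SAMPLE_CHKROOTKIT="Checking \`ls'... not infected
Checking \`ps'... INFECTED
Searching for suspicious files and dirs, it may take a while... nothing found"
SAMPLE_RKHUNTER="  Checking for passwd file changes               [ None found ]
  Checking for hidden files and directories      [ Warning ]
  Checking if SSH root access is allowed         [ Warning ]"

# Only run the real scans when invoked as: sh scan.sh run
if [ "${1:-}" = run ]; then run_scans; fi
```

Because a kernel-level rootkit can lie to any scanner running on the same host, treat a clean result from a live system as reassuring rather than conclusive.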

Overall, Linux is mostly protected from most things that Windows users have to face on a day-to-day basis. And as many people could imagine, running Linux is quite a different experience than running Windows, so you must be decently well versed in Windows to actually know what you're doing in Linux, minus certain distros. Overall, there is an extremely low chance of being infected with a rootkit on Linux, so chances are extremely good your scans will turn up clean. However, as in Windows, diligence will pay off; after all, all you need is one package that was compiled by the wrong person… and you've got one.

Finally, due to the extension on the Revo Uninstaller giveaway, I can finally award the two licenses. Our winners are: rain and dim059 as selected by Random.org’s random number generator. Congrats to both of them for being our lucky winners!