Now that vulnerabilities such as SambaCry have given viruses and rootkits a way to infiltrate Linux, users of this operating system need to take stronger security measures. There are many open source tools you can use to scan your Linux system and check whether it has been attacked by malware, but keep in mind that no tool or piece of software is perfect. Here are 3 of the most effective tools for scanning for viruses and rootkits on Linux.
How to scan for Viruses and Rootkits on Linux
ClamAV is the “standard” antivirus software for Linux and is probably already familiar to you; ClamAV also has a version for Windows.
Install ClamAV and ClamTK
ClamAV and its GUI are separate packages, because ClamAV can be run from the command line without a GUI (graphical user interface). The ClamTK graphical interface is simpler and suits a wider range of users. Here’s how to install ClamAV and ClamTK.
For Debian and Ubuntu distros:
sudo apt install clamav clamtk
If you are not using Ubuntu, look for clamav and clamtk in your distribution’s package manager.
Once both programs are installed, the next step is to update the virus databases. Unlike other antivirus programs, ClamAV requires you to do this yourself with the freshclam command, run as root or with sudo.
Freshclam normally runs as a daemon. To run freshclam manually, stop that daemon with systemd and then run freshclam as usual:
sudo systemctl stop clamav-freshclam
This update will take some time.
Scan for Viruses and Rootkits on Linux
Before scanning for viruses and rootkits on Linux, click the Settings button in ClamTK and check the options Scan files beginning with a dot, Scan files larger than 20 MB, and Scan directories recursively.
Back on the main screen, click Scan A Directory and select the folder you want to scan. To scan the entire computer, select Filesystem; for that to work you will have to launch ClamTK again from the command line with sudo.
When the scan finishes, ClamTK lists any threats it detected and lets you deal with them. Removing the threats is the most thorough fix, but doing so can leave the system unstable.
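The signature update and scan described above can also be done unattended from the command line. The script below is an added example, not part of the original article: it stops and restarts the clamav-freshclam daemon around a manual freshclam run, scans a tree with clamscan using the same choices as the ClamTK settings (recursive, no small size cap), quarantines detections with --move rather than deleting them, and parses the report. The log path and the /var/quarantine directory are assumptions; the sample report is constructed, not real scanner output.

```shell
#!/bin/sh
# Added example, not from the original article: an unattended ClamAV run that
# makes the same choices as the ClamTK settings above, plus a small parser for
# the scan report. The log path and quarantine directory are assumptions.
set -u

# Refresh the signature database. freshclam normally runs as the
# clamav-freshclam daemon, so stop it around a manual update, then restart it.
update_signatures() {
    systemctl stop clamav-freshclam
    freshclam
    systemctl start clamav-freshclam
}

# Scan a directory tree: -r recurses, --infected prints only hits, the size
# limits lift clamscan's default cap so large files are not skipped (the
# ClamTK "larger than 20 MB" option), and --move quarantines detections
# instead of deleting them, which is the safer choice on system directories.
# The return value is clamscan's exit status: 0 clean, 1 detections, 2 error.
scan_tree() {
    dir=$1
    quarantine=${2:-/var/quarantine}        # assumed location
    mkdir -p "$quarantine"
    chmod 700 "$quarantine"
    clamscan -r --infected \
        --max-filesize=1000M --max-scansize=1000M \
        --move="$quarantine" \
        --log=/var/log/clamscan-manual.log \
        "$dir"
}

# clamscan reports each detection as "<path>: <signature> FOUND".
# Read a report on stdin and print only the file paths.
found_paths() {
    grep ' FOUND$' | sed 's/: [^ ]* FOUND$//'
}

# Pull the detection count from the "Infected files:" summary line.
found_count() {
    sed -n 's/^Infected files: //p'
}

# Constructed sample report (not real scanner output) so the parser can be
# exercised without running a scan.
SAMPLE_REPORT=$(cat <<'EOF'
/home/alice/Downloads/eicar.com: Eicar-Test-Signature FOUND
/home/alice/.cache/pkg.tgz: Eicar-Test-Signature FOUND

----------- SCAN SUMMARY -----------
Known viruses: 8000000
Scanned files: 12345
Infected files: 2
EOF
)

if [ "${1:-}" = "--run" ]; then
    # Real run (as root): update, scan /home, explain the exit status.
    update_signatures
    scan_tree /home
    case $? in
        0) echo "clean" ;;
        1) echo "detections moved to quarantine; review them before deleting" ;;
        *) echo "scan error, check the log" ;;
    esac
else
    # Offline demonstration on the constructed report.
    printf '%s\n' "$SAMPLE_REPORT" | found_paths
fi
```

Run it with --run as root to perform a real update and scan; without arguments it only exercises the parser on the constructed report. Quarantining with --move keeps the caveat above in mind: a flagged file that turns out to be legitimate can be restored, whereas a deleted system file cannot.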
The next way to scan for viruses and rootkits on Linux is to install and use Chkrootkit. Chkrootkit scans for one specific class of malware: rootkits for Unix-like systems such as Linux and Mac. As its name suggests, the purpose of a rootkit is to gain root privileges on the system it targets.
Chkrootkit scans system files for traces of malware and checks them against a database of known rootkits.
Chkrootkit is included in most distribution repositories. Install Chkrootkit using the package manager:
sudo apt install chkrootkit
Check for Rootkits
Just run the chkrootkit command as root or with sudo.
The command works down its list of potential rootkits and may pause for a while as it scans files. You will see “nothing found” or “not infected” next to each item.
The program does not print a final report when the scan finishes, so you have to read through the output yourself to make sure no potential rootkits were reported.
Alternatively, you can pipe the program’s output into grep and search for INFECTED, but this approach does not catch everything.
Chkrootkit is known to report a false positive for Linux/Ebury – Operation Windigo. This bug has been known for a long time and stems from the -G flag that was added to SSH.
There are a few manual checks you can use to verify that this is a false positive.
First, run the command below as root.
find /lib* -type f -name libns2.so
This command should return no results. Next, check whether the malware is using its Unix socket:
netstat -nap | grep "@/proc/udevd"
If the command does not return results, your system is safe.
There are also known false positives involving tcpd on Ubuntu. If the command returns positive results on your system, investigate further, but be aware that the results may be inaccurate.
You may also see entries for wted. These can be caused by a system crash or a failed login. Use last to check whether it was a system error; if so, the entries are those errors, not malware.
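The chkrootkit run, the INFECTED filter and the manual false-positive checks above fit together in one script. The following is an added example, not part of the original article or of chkrootkit: it filters chkrootkit output for result words that need attention (a plain grep for INFECTED misses the others), and wraps the libns2.so, udevd socket and last checks the article gives. The sample chkrootkit output is constructed for the offline demonstration; its wording is illustrative, not captured from a real run. The fallback to ss when netstat is absent is my addition.

```shell
#!/bin/sh
# Added example, not from the original article: a chkrootkit run that keeps
# only the lines worth a second look, and helpers for the manual checks the
# article gives for the Ebury/Windigo false positive. Run as root.
set -u

# chkrootkit prints one line per check. A plain grep for INFECTED misses the
# other result words it uses, so match those that need attention and let the
# "not infected" / "nothing found" lines fall through.
triage() {
    grep -E 'INFECTED|Warning|Possible|deletion'
}

# Run the real scan and triage it (needs chkrootkit installed, run as root).
scan_and_triage() {
    chkrootkit 2>&1 | triage
}

# The article notes the Ebury/Windigo hit is a known false positive tied to
# ssh's -G flag. Confirm it manually: on a clean host both lookups print nothing.
ebury_manual_checks() {
    echo "== libns2.so under /lib* (should be empty) =="
    find /lib* -type f -name libns2.so 2>/dev/null
    echo "== abstract unix socket @/proc/udevd (should be empty) =="
    if command -v netstat >/dev/null 2>&1; then
        netstat -nap 2>/dev/null | grep '@/proc/udevd'
    else
        ss -xp 2>/dev/null | grep '@/proc/udevd'   # ss replaces netstat on newer systems (assumption)
    fi
    return 0
}

# A wted hit can also come from a crash or failed login; last -x lists
# shutdown and crash records so the reported deletion window can be compared.
wted_context() {
    last -x 2>/dev/null | grep -E 'crash|shutdown|reboot' | head -n 10
    return 0
}

# Constructed sample chkrootkit output (illustrative wording, not captured
# from a real run) so triage can be demonstrated offline.
SAMPLE_OUTPUT=$(cat <<'EOF'
Checking `basename'... not infected
Checking `sniffer'... lo: not promisc and no packet sniffer sockets
Checking `wted'... 1 deletion between Fri Jan  5 09:00:00 2024 and Fri Jan  5 09:30:00 2024
Searching for Suckit rootkit... nothing found
Searching for Linux/Ebury - Operation Windigo ssh... Possible Linux/Ebury - Operation Windigo installed
Checking `login'... INFECTED
EOF
)

if [ "${1:-}" = "--run" ]; then
    # Real run (as root): scan, then the manual follow-up checks.
    scan_and_triage
    ebury_manual_checks
    wted_context
else
    # Offline demonstration on the constructed output.
    printf '%s\n' "$SAMPLE_OUTPUT" | triage
fi
```

Without arguments the script only filters the constructed sample, which yields the wted, Ebury and login lines; with --run as root it performs the real scan and prints the follow-up checks so an Ebury or wted line can be judged against them rather than taken at face value.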
Rkhunter is another tool for scanning for and finding rootkits on Linux. Ideally, run both Chkrootkit and Rkhunter on your system so that no virus or rootkit is missed because of a false result in one of them.
Rkhunter is also in your distribution’s repositories.
sudo apt install rkhunter
Scan for Viruses and Rootkits on Linux
The first step is to update rkhunter’s database.
sudo rkhunter --update
Next, run the virus and rootkit scan on Linux:
sudo rkhunter --check
The program pauses after each section. You may see some warnings on the screen, probably because of a sub-optimal configuration. After the scan finishes, the program’s full activity log is in /var/log/rkhunter.log, where you can find the cause of each warning.
Additionally, rkhunter also gives you a complete summary of the scan results.
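The update, the interactive check and the log review above can be scripted so that every warning is looked at deliberately. The script below is an added example, not part of the original article or of rkhunter: it runs the check without the per-section pause (--sk) and with warnings only (--rwo), then extracts and deduplicates the Warning lines from /var/log/rkhunter.log. The sample log excerpt is constructed, not captured from a real run, and --propupd is shown only as the step to take once a run has been verified clean.

```shell
#!/bin/sh
# Added example, not from the original article: an unattended rkhunter run and
# a summary of the warnings from /var/log/rkhunter.log, so each one can be
# investigated or whitelisted deliberately. Run as root.
set -u

# --sk skips the pause after each section, --rwo prints only warnings;
# the full detail still goes to the log the article points at.
run_rkhunter() {
    rkhunter --update
    rkhunter --check --sk --rwo
}

# Log lines have the form "[HH:MM:SS] Warning: <text>". Print the texts,
# deduplicated, so a warning that recurs on every run stands out.
warnings_from_log() {
    sed -n 's/^\[[0-9:]*] Warning: //p' | sort -u
}

# Number of distinct warnings in a log read from stdin.
warning_count() {
    warnings_from_log | wc -l | tr -d ' '
}

# Once every warning has been checked and explained (for example a command
# that a package legitimately ships as a script), refresh rkhunter's file
# property baseline. Do this only from a state you have verified as clean,
# otherwise a tampered file becomes the new "known good".
accept_baseline() {
    rkhunter --propupd
}

# Constructed sample log excerpt (not captured from a real run).
SAMPLE_LOG=$(cat <<'EOF'
[10:15:30] Info: Starting test name 'filesystem'
[10:15:31] Warning: The command '/usr/bin/lwp-request' has been replaced by a script: /usr/bin/lwp-request: a /usr/bin/perl script text executable
[10:15:32] Warning: Hidden file found: /etc/.java: directory
[10:15:33] Warning: Hidden file found: /etc/.java: directory
[10:15:34] Info: Checking for hidden files and directories [ Warning ]
EOF
)

if [ "${1:-}" = "--run" ]; then
    # Real run (as root): update, check, then summarise the log.
    run_rkhunter
    warnings_from_log < /var/log/rkhunter.log
else
    # Offline demonstration on the constructed excerpt.
    printf '%s\n' "$SAMPLE_LOG" | warnings_from_log
fi
```

On the constructed excerpt the summary reduces four log lines to two distinct warnings; the "[ Warning ]" result marker on the Info line is deliberately not counted, since it is the section result, not a finding. Only after each warning has been traced to a benign cause in the log should accept_baseline be run.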
Those are 3 ways to scan for viruses and rootkits on Linux. To avoid spreading viruses, rootkits or other serious malware, you should also protect the USB ports on your Linux system, and before deciding to act on anything, test and verify the results you get.
If something is found to be wrong, consider your options. If a rootkit is detected, back up your data files and format the drive to remove the rootkit. Run antivirus software regularly to scan for and remove viruses and rootkits on your system.
Antivirus software and applications exist not only for Windows and Linux but also for Mac and iOS, to protect your device around the clock. Taimienphi has previously shared a selection of the best antivirus apps for iPhone, some of which you have probably heard of.