Tech Support Forum banner
Not open for further replies.
1 - 4 of 4 Posts

· Registered
186 Posts
Discussion Starter · #1 ·
I didnt see a place for tutorials so Ill just put what I wrote here:

Linux virus, trojan, and rootkit protection - 7/29/2005 - thegreatone2176/tgo

Many people I see are lax in there virus protection when it comes to linux and I have even seen people who I consider linux gurus laugh at the idea of linux anti-virus.
Well I am not sure whether it is because I am from the windows world or I just dont trust a system without protection I use 3 things to protect my linux boxes.

1) Bit Defender Anti-Virus For Linux

This is by far the best av you can choose and of course its free.
There is no real reason for me to write out about how to install it and its usage because a complete and thorough guide has already been written here:

If anyone played or paid attention to rootthisbox or any other wargame we all know how popular root kits are.
Most anti-virus systems will not pick these up so luckily there is software just to detect and remove them.

2) Chkrootkit -

A very easy to setup and use root kit detector.
To install simply download the source, unzip, cd into the directory, then 'make sense' and it will install for you.
After that ./chkrootkit will scan your whole system.
Read the readme inside the directory for all the other options and their meanings.

One thing to note about chkrootkit is that it commonly reports:

eth0: PF_PACKET /path/to/dhcpcd

The first time I scanned and it told me this I googled and found a long post on explaining why this happens and that its almost never a threat.
To be sure though use the next program I cover.

3) rkhunter -

Another great rootkit detection tool that also scans for many trojans and worms.
Also has another very easy install, by simply running the that comes with it.
Type rkhunter to get a list of options, but I usually do rkhunter -c ( for checkall ) and it scans the whole system.

I am not sure which rootkit tool is better, but since they are both so small,easy to install, and use there is no reason why you cant have both of them.

To make these most effective they could be made to run one after anoter nightly by cronjob and the logs can be checked in the morning. While this wont completely lockdown your system, using them is a good test of the safety of your system.
1 - 4 of 4 Posts
Not open for further replies.