How to scan for malware and rootkits on a Linux server
Worms, viruses, malware and rootkits are a concern for every server administrator. Once a system is infected, the malware can collect sensitive information and cause financial damage.
Fortunately, there are many tools that help scan Linux servers for malware and rootkits. This article presents some of the best options for dealing with these threats.
1. Clam AV
This command-line antivirus is designed to integrate closely with mail servers and is available for most systems, including popular Linux distributions such as SUSE, Fedora and Ubuntu.
Installing this software on Ubuntu is easy with the following command:
sudo apt install clamav clamav-daemon
After installation, ClamAV can be run from the terminal to scan the entire system and to clean up infected files. It also provides real-time (on-access) scanning and signature update utilities.
To run a simple scan of the server's file system, change to the root directory and use the following command:
clamscan -r -i
The above command tells ClamAV to perform a recursive scan (descending into subdirectories) and to print only the infected files to the terminal. Before running it, however, you need to give ClamAV enough time to download its virus signature database. You can also stop the update service and run the update manually with the following command:
sudo systemctl stop clamav-freshclam.service
Followed by the command:
sudo freshclam
To automatically delete virus files from the system during the scan, use the following command:
clamscan -r -i --remove
2. Chkrootkit
This tool runs several tests to detect malicious kernel modules, worms and rootkits.
On Ubuntu, this tool is in the official repositories; use the following command to install it:
sudo apt install chkrootkit
Unlike ClamAV, chkrootkit is a passive tool: it has no functionality to act on the threats it detects. You need to investigate and manually delete the suspicious files it finds on the server's file system, so save its output for later reference.
To run this tool, use the following command:
sudo chkrootkit
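Triage for the output of the two scanners above (clamscan -r -i and chkrootkit), as an added example that is not part of the original article: the functions parse the formats the tools print, and run_scans keeps full logs in an assumed /var/log/scans directory; the sample output at the end is constructed.

```shell
# Added example (not from the original article): triage clamscan and chkrootkit
# output. clamscan -r -i prints one "<path>: <signature> FOUND" line per infected
# file followed by a summary block; chkrootkit prints "Checking `<name>'... INFECTED"
# or "Warning: ..." lines for suspicious findings. The log directory is an assumption.

# Print "path<TAB>signature" for every infected file clamscan reported.
# Signature names contain no spaces, so the last word before FOUND is the name.
clam_findings() {
    awk '/ FOUND$/ { sub(/ FOUND$/, ""); n = split($0, w, " "); sig = w[n];
                     print substr($0, 1, length($0) - length(sig) - 2) "\t" sig }'
}

# Number of infected files from the clamscan summary line "Infected files: N".
clam_infected_count() {
    sed -n 's/^Infected files: \([0-9][0-9]*\)$/\1/p'
}

# Keep only the chkrootkit lines that need a human to look at them.
chkrootkit_findings() {
    grep -E 'INFECTED|Warning:'
}

# Run both tools, keep the full output for later reference (as the article
# advises for chkrootkit) and return 1 when either of them reported something.
run_scans() {
    dir=${1:-/var/log/scans}; stamp=$(date +%Y%m%d-%H%M%S)   # assumed log location
    mkdir -p "$dir"
    clamscan -r -i / > "$dir/clamscan-$stamp.log" 2>&1        # exit 1 = infected
    sudo chkrootkit > "$dir/chkrootkit-$stamp.log" 2>&1
    found=0
    clam_findings < "$dir/clamscan-$stamp.log" | grep -q . && found=1
    chkrootkit_findings < "$dir/chkrootkit-$stamp.log" | grep -q . && found=1
    return $found
}

# Constructed sample output in the format the two tools print.
SAMPLE_CLAM='/srv/www/uploads/invoice.exe: Win.Test.EICAR_HDB-1 FOUND
/home/alice/.cache/t.sh: Unix.Trojan.Generic-1 FOUND

----------- SCAN SUMMARY -----------
Scanned files: 1234
Infected files: 2'
SAMPLE_CHK="Checking \`ls'... not infected
Checking \`ps'... INFECTED
Searching for suspicious files and dirs, it may take a while...
Warning: Possible LKM Trojan installed"

printf '%s\n' "$SAMPLE_CLAM" | clam_findings
printf '%s\n' "$SAMPLE_CLAM" | clam_infected_count
printf '%s\n' "$SAMPLE_CHK" | chkrootkit_findings
```

Call run_scans (optionally with a log directory) from cron or a timer; its exit status makes it easy to trigger an alert when anything was found.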
3. AIDE
The name stands for Advanced Intrusion Detection Environment; it is a completely free alternative to the similar tool Tripwire.
AIDE closely monitors system files, recording when and how they are modified or otherwise accessed. It is easy to install from Ubuntu's official repositories with the apt command:
sudo apt install aide
To complete the installation, you need to configure Postfix through the options presented. Use the Tab key or the arrow keys to navigate these items, then press Enter to select. Postfix is used to send AIDE's reports to the email addresses you specify, at the times you set.
AIDE's configuration and database files live in the following directories:
/var/lib/aide /etc/aide
First, create the database and configuration file by running the following command:
sudo aideinit
When it completes, this process has created a database and a configuration file in /var/lib/aide/, named aide.db.new and aide.conf.autogenerated. Both need to be copied to aide.db and aide.conf respectively before AIDE will work properly.
Copy the database file to its new name with the following command:
sudo cp /var/lib/aide/aide.db.new /var/lib/aide/aide.db
Before renaming and copying the configuration file, update it with the following command:
sudo update-aide.conf
Once you've updated the configuration file, copy it to the correct directory with the following command:
sudo cp /var/lib/aide/aide.conf.autogenerated /etc/aide/aide.conf
AIDE now has a baseline of hashes for the server's file system and can check the system against it.
By editing the configuration file you can exclude specific directories from scanning, run AIDE periodically and much more. For a basic check, however, the following command compares the file system against the database and prints enough information to the terminal:
aide -c /etc/aide/aide.conf -C
AIDE is most effective when its configuration and database are kept on read-only storage, because an attacker who has installed a rootkit can otherwise edit those files.
The tools described in this article help you scan Linux servers for malware and rootkits using a variety of techniques. Rootkits are the hardest of these threats to remove, but they can be prevented with appropriate software.
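The AIDE baseline steps above as one script, plus a check that interprets aide's exit status, added here as an example that is not part of the original article. It uses the paths the article uses; the log directory in aide_check and the use of sudo for the check are assumptions.

```shell
# Added example (not from the original article): script the AIDE baseline and
# run the check. aide exits 0 when nothing changed and otherwise ORs together
# 1 (added entries), 2 (removed entries) and 4 (changed entries); values of 14
# and above are errors. Paths follow the article; the log directory is assumed.
DB_DIR=/var/lib/aide
CONF=/etc/aide/aide.conf

# Build the initial database and configuration, then copy them into place
# in the order the article gives.
aide_baseline() {
    sudo aideinit || return 1
    sudo cp "$DB_DIR/aide.db.new" "$DB_DIR/aide.db" || return 1
    sudo update-aide.conf || return 1
    sudo cp "$DB_DIR/aide.conf.autogenerated" "$CONF"
}

# Translate an aide exit status into the kinds of change it reports.
aide_exit_explain() {
    code=$1
    [ "$code" -eq 0 ] && { echo "no changes"; return 0; }
    [ "$code" -ge 14 ] && { echo "error $code"; return 1; }
    out=""
    [ $((code & 1)) -ne 0 ] && out="$out added"
    [ $((code & 2)) -ne 0 ] && out="$out removed"
    [ $((code & 4)) -ne 0 ] && out="$out changed"
    echo "${out# }"
}

# Compare the file system with the database and keep the full report under a
# timestamped name (the log directory is an assumption, not an AIDE default).
aide_check() {
    log=${1:-/var/log/aide}/check-$(date +%Y%m%d-%H%M%S).log
    mkdir -p "$(dirname "$log")"
    sudo aide -c "$CONF" -C > "$log" 2>&1   # sudo: the database is root-owned
    rc=$?
    echo "aide: $(aide_exit_explain "$rc") (full report in $log)"
    return "$rc"
}
```

Run aide_baseline once on a known-clean system, then aide_check from cron or a timer; a non-zero status below 14 means the report lists what was added, removed or changed.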