Rootkit Hunter is a Unix-primarily based scanning tool that scans for rootkits, backdoors and possible local exploits. It does this by comparing SHA-1 hashes of vital files with known good ones in online database, looking for default directories (of rootkits), improper permissions, hidden records data, suspicious strings in kernel modules and particular tests for Linux or FreeBSD. Most instances rootkits are self-hiding toolkits utilized by blackhats, crackers and script kiddies, to keep away from the attention of the system admin. If you’re unsure as to whether your system is compromised, you will get a second opinion from sources such as Linux-oriented forum. If your system is contaminated with a rootkit, cleaning it up will not be an option. Restoring can be not an option unless you might be expert, and have autonomous and an impartial means of verifying that the backup is clear, and does not include misconfigured or stale software. Never trust a potentially compromised machine! Basically a clean install of the OS is always advisable after backing up the system.
This week, in our Linux Page (in Spanish) we have posted a quick guide to rapidly install ClamAV: one of my favourite and open source antivirus for Linux. We have already written some notes in our previous post “Security package (Rev. 1.2) for Ubuntu: antivirus, firewall and P2P stealth” and in that occasion we decide to suggest an external link. This time we reinstalled a fresh new Ubuntu 8.10 and decided to directly add ClamAV. First of all, it is necessary to run Synaptic Package Manager (in System – Administration) and to search Clam and select clamav and all the extra packages you prefer to install. Read very carefully the description that is visualized each time you click on one of them and select the extra feature you need. Then, with the right button of the mouse, select “mark for installation” and click on Apply in the upper menu bar. After few seconds ClamAV will be correctly installed. Now, if you check on Applications – System Tool you will find a new ClamAV icon whose name is Virus Scanner. Now, if you launch ClamAV you will discover that, unfortunately, it is not possible to upgrade the program without administrative privileges. I solved this “problem” dragging and dropping the ClamAV icon to the upper panel. Then I clicked on the icon using the right button of the mouse and selected the Properties panel. Then, in the “command” space I added sudo before the text clamtk %F that I found already written there (sudo clamtk %F). Now, when you click on the upper panel ClamAV icon, you are able to upgrade your new antivirus in a breeze. Recommended!