Security Auditing Tools For Ubuntu
By Kalyani Rajalingham, published 18/01/2021 in Tutorials
Malware, where art thou not found? Even our wonderful Ubuntu can be infected. So what can we do about it? We can hope and pray that our system stays safe or, better yet, audit it regularly for malware and rootkits. There are 4 system auditors for Ubuntu that we will review: lynis, rkhunter, chkrootkit, and clamav.
Tool #1: Lynis
Lynis is a free, open-source tool for Linux, macOS, and UNIX-based systems. It is used for security auditing, compliance testing, penetration testing, vulnerability detection, and system hardening.
Installing Lynis
Lynis can be downloaded from https://github.com/CISOfy/lynis.
git clone https://github.com/CISOfy/lynis.git
cd lynis
Usage
./lynis audit system
This command scans your system and gives you a report. Remember that there can always be false positives, which you have to check manually.
Tool #2: Rkhunter
Rkhunter scans your system for rootkits, backdoors, sniffers, and exploits. It also checks whether any changes have been made to your commands, system startup files, and network interfaces. In fact, it will scan your system for at least 292 rootkits.
Installing rkhunter
Rkhunter can be directly installed using the following command:
sudo apt-get install rkhunter -y
Usage
Rkhunter will not fix a problem, but rather simply detect the problem for you.
rkhunter {--check | --unlock | --update | --versioncheck | --propupd [{filename | directory | package name},...] | --list [tests | {lang | languages} | rootkits | perl | propfiles] | --config-check | --version | --help} [options]
First, let’s update it:
sudo rkhunter --update
Next, let’s scan for any potential threats:
sudo rkhunter --check
Tool #3: Chkrootkit
Chkrootkit is a free open-source tool that can detect up to 69 different rootkits, worms and LKMs.
Installing chkrootkit
Chkrootkit can be installed by typing:
sudo apt-get install chkrootkit -y
Alternatively, you can install it manually:
Chkrootkit is located at https://github.com/Magentron/chkrootkit.
unzip chkrootkit-master
cd chkrootkit-master
make sense
Usage
In order to perform a system check, type:
sudo chkrootkit
If it was manually installed, then type:
./chkrootkit
Tool #4: ClamAV
ClamAV, on the other hand, is a free, open-source antivirus. It is apt at detecting trojans, viruses, and other malware.
Installing ClamAV
ClamAV can be installed by typing:
sudo apt-get install clamav
Usage
First update it, then run it using:
sudo freshclam
clamscan -r -i <directory>
The -r flag scans directories recursively, and the -i flag shows only infected files.
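When the scan runs unattended, its exit code matters as much as its output: per clamscan(1), 0 means no virus found, 1 means virus(es) found, and 2 means an error occurred, which is not a clean result. The shell functions below are an added example, not part of the original tutorial; the function names, the /srv/uploads paths and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: triage the result of `clamscan -r -i <directory>`.
# Exit codes per clamscan(1): 0 = no virus found, 1 = virus(es) found,
# 2 = some error(s) occurred.

# Map a clamscan exit code to a verdict. Anything other than 0 or 1 is an
# error: the scan did not complete, so it must not be read as clean.
clamscan_verdict() {
    case "$1" in
        0) echo clean ;;
        1) echo infected ;;
        *) echo error ;;
    esac
}

# Read clamscan output on stdin and print "signature<TAB>path" per detection.
# The greedy first group splits on the last ": ", so a path that itself
# contains ": " is kept whole.
list_detections() {
    tab=$(printf '\t')
    sed -n "s/^\(.*\): \(.*\) FOUND\$/\2${tab}\1/p"
}

# Constructed, abridged sample of `clamscan -r -i` output (not a real scan).
sample_output() {
    cat <<'EOF'
/srv/uploads/eicar.com: Win.Test.EICAR_HDB-1 FOUND
/srv/uploads/notes: draft.txt: Win.Test.EICAR_HDB-1 FOUND

----------- SCAN SUMMARY -----------
Scanned files: 42
Infected files: 2
EOF
}

# Hypothetical wrapper: run a real scan, print the verdict and detections,
# and return non-zero only when the scan itself failed.
# Usage: scan_and_report <directory>
scan_and_report() {
    out=$(clamscan -r -i "$1" 2>&1) && rc=0 || rc=$?
    verdict=$(clamscan_verdict "$rc")
    echo "verdict: $verdict (exit code $rc)"
    [ "$verdict" = infected ] && printf '%s\n' "$out" | list_detections
    [ "$verdict" != error ]
}

# Demo on the constructed sample; the scan that produced it would exit 1.
sample_output | list_detections
```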
Oddly enough, there aren’t many tools out there to scan for malware on Linux. Why? I’m not sure. However, these 4 tools are more than enough to detect malware, rootkits, and viruses.