Linux rootkit check hardening

centos7
security

#1

Hey all,

How do I check for rootkit on my server? Is it possible that SELinux can do this for me on CentOS 7 server? What tool should I install to check file integrity?


#3

For intrusion detection you can use the following software on Linux:

  1. Root kit hunter - http://rootkit.nl/projects/rootkit_hunter.html
  2. Locally checks for signs of a rootkit - http://www.chkrootkit.org
  3. AIDE (Advanced Intrusion Detection Environment) is a file and directory integrity checker - http://aide.sourceforge.net
  4. OSSEC is a scalable, multi-platform, open source Host-based Intrusion Detection System (HIDS). It has a powerful correlation and analysis engine, integrating log analysis, file integrity checking, Windows registry monitoring, centralized policy enforcement, rootkit detection, real-time alerting and active response. It runs on most operating systems, including Linux, OpenBSD, FreeBSD, MacOS, Solaris and Windows. - https://ossec.github.io
  5. Also see my Linux Detecting / Checking Rootkits with Chkrootkit and rkhunter Software
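An added example, not code from this thread or from any of the tools listed above: a minimal baseline-and-compare script showing the idea behind an AIDE-style file integrity check. It records SHA-256 hashes once, then flags added, removed and modified files on later runs; the directory and file names in `run_demo` are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: a minimal AIDE-style integrity check.
# A baseline of SHA-256 hashes is recorded once, and later runs are compared
# against it to flag added, removed and modified files. Paths in run_demo are
# constructed for illustration. Filenames containing whitespace are not
# handled (the awk split below is whitespace-based).

# make_baseline DIR OUT: write "<sha256>  <path>" for every regular file
# under DIR to OUT, sorted by path so two baselines can be diffed directly.
make_baseline() {
    dir="$1"; out="$2"
    find "$dir" -type f -exec sha256sum {} + | LC_ALL=C sort -k 2 > "$out"
}

# compare_baseline BASE DIR: rehash DIR and print one line per change.
# Prints nothing when the tree still matches BASE.
compare_baseline() {
    base="$1"; dir="$2"
    cur=$(mktemp)
    make_baseline "$dir" "$cur"
    awk 'NR == FNR { old[$2] = $1; next }        # first file: the baseline
         {
             if (!($2 in old))       print "ADDED", $2
             else if (old[$2] != $1) print "MODIFIED", $2
             seen[$2] = 1
         }
         END { for (p in old) if (!(p in seen)) print "REMOVED", p }' \
        "$base" "$cur"
    rm -f "$cur"
}

# run_demo: build a tiny constructed tree, baseline it, change it,
# and print the resulting report (one MODIFIED, one REMOVED, one ADDED).
run_demo() {
    d=$(mktemp -d); b=$(mktemp)
    printf 'hello\n' > "$d/a.conf"
    printf 'world\n' > "$d/b.conf"
    make_baseline "$d" "$b"
    printf 'changed\n' > "$d/a.conf"   # modified after the baseline
    rm -f "$d/b.conf"                  # removed after the baseline
    printf 'new\n' > "$d/c.conf"       # added after the baseline
    compare_baseline "$b" "$d"
    rm -rf "$d" "$b"
}

run_demo
```

Keep the baseline file off the monitored host (or on read-only media) and run the check from a trusted toolchain, since a rootkit that has replaced `find` or `sha256sum` can hide changes from a checker that trusts the local binaries; AIDE additionally records permissions, ownership, inode and timestamps, which this sketch does not.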

#4

Hello,
Would you recommend the scripts mentioned below?


Or do you have a similar script recommendation?


#5

Test them. I don’t use them. I use my own settings as per my needs. YMMV.


#6

What about Lynis tool? It can audit and secure Linux server too.