Linux rootkit check hardening

Hey all,

How do I check for a rootkit on my server? Is it possible that SELinux can do this for me on a CentOS 7 server? What tool should I install to check file integrity?

For intrusion detection you can use the following software on Linux:

  1. Rootkit Hunter
  2. Locally checks for signs of a rootkit
  3. AIDE (Advanced Intrusion Detection Environment) is a file and directory integrity checker
  4. OSSEC is a scalable, multi-platform, open source Host-based Intrusion Detection System (HIDS). It has a powerful correlation and analysis engine, integrating log analysis, file integrity checking, Windows registry monitoring, centralized policy enforcement, rootkit detection, real-time alerting and active response. It runs on most operating systems, including Linux, OpenBSD, FreeBSD, MacOS, Solaris and Windows.
  5. Also see my Linux Detecting / Checking Rootkits with Chkrootkit and rkhunter Software

Would you recommend the scripts mentioned below?

Or do you have a similar script recommendation?

Test them. I don’t use them. I use my own settings as per my needs. YMMV.

What about the Lynis tool? It can audit and secure a Linux server too.
