Linux Rootkits

Discussion in 'Linux Beginners' started by CONSTANCE Wright, Jun 11, 2021.

  1. CONSTANCE Wright

    CONSTANCE Wright New Member

    What are some best practices when removing rootkits from a linux ran system?
  2. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    I have never removed rootkits, so i do not know.
    Best practice is to prevent rootkits and other malware from entering the host.
    If it has been established that the host has rootkit, I would say best way to deal with it is to copy data from that host, verify the data does not contain malwares, install a new host from known good media and restore the data. If a host has a rootkit, it is very hard to know when it has been removed completely.
    If the above does not help, enter
    best practices when removing rootkits from a linux
    to Internet Search Engines.
  3. concept21

    concept21 Active Member

    ahrasis likes this.
  4. concept21

    concept21 Active Member

    Here is also a preventive tool:
    AIDE (Advanced Intrusion Detection Environment) is a file and directory integrity checker.

    It checks system integrity by hash.

Share This Page