Home » Centos/RHEL » How to Scan/Detect and Remove Rootkits in Linux

How to Scan/Detect and Remove Rootkits in Linux

A rootkit is a Backdoor shell that allows a hacker to upload and download files from your web server which makes defacing the index page without the use of SSH access. But there is a resolution for removing and detecting rootkits rather than manually probing for suspicious code.
Chkrootkit is an Open Source tool that scans and checks signs of rootkits in your computer locally.

To scan/detect and Remove Rootkits in Linux we are going to install chkrootkit
Download file from the official website and install by using below command.

#wget ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz
#tar zxvf chkrootkit.tar.gz
#cd chkrootkit-0.49
#chmod +x chkrootkit
#./chkrootkitor

it would start scanning your computer locally

Note :: if you get “Checking `bindshell’… INFECTED (PORTS: 465)” please ignore if you are running cpanel server There it is, it’s nothing to worry about.

About

I am founder and webmaster of www.linuxpcfix.com and working as a Sr. Linux Administrator (Expertise on Linux/Unix & Cloud Server) and have been in the industry from last 7 years.

Leave a Reply

Your email address will not be published. Required fields are marked *

*
*

Time limit is exhausted. Please reload the CAPTCHA.

Categorized Tag Cloud