Discover LinuxSecurity Features
Verifying Linux Server Security: What Every Admin Needs to Know - Reverse Engineering & Malware Scanning
Reverse Engineering & Malware Scanning
Reverse engineering, or the process of deconstructing an artificial environment such as a Linux system to gain insight into its design, architecture and code, can be extremely helpful in securing or verifying the security of a Linux server. This process plays a central role in malware detection and analysis, as it can help administrators identify security risks such as malware on their systems, which they can then study, eliminate and apply the knowledge they have gained to prevent future attacks. In this section, we will profile our six favorite tools, toolkits and utilities for reverse engineering and malware scanning available to Linux users.
Top Toolkits, Tools & Utilities for Reverse Engineering & Malware Scanning on Linux
REMnux is a free, community-powered toolkit for reverse-engineering and malware analysis. The toolkit conveniently enables analysts to investigate malware without having to find, install and configure the tools needed to do so. REMnux offers a distro which can be either downloaded as a VM in the OVO format and then imported into your hypervisor, installed from scratch on a dedicated host, added to an existing system running a compatible version of Ubuntu, or run as a Docker container.
Chkrootkit is a free and open-source rootkit detector that locally scans for signs of a rootkit and hidden security holes on Unix/Linux systems. The scanner consists of a shell script that checks system binaries for rootkit modification, along with a selection of programs designed to scan systems for different security issues.
Chkrootkit can be downloaded here.
Learn how to install Chkrootkit on Ubuntu 18.04/CentOS 7 in this LinOxide tutorial.
Rkhunter is a powerful and user-friendly open-source tool designed to scan for rootkits, backdoors and local exploits on Linux systems. The comprehensive scanner inspects and analyzes a system to detect hidden security holes.
Rkhunter can be downloaded here.
Lynis is a powerful and popular malware and vulnerability scanning and auditing tool for Unix/Linux operating systems. The free and open-source scanner detects security issues and configuration errors, performs firewall auditing, checks file/directory permissions, file integrity and installed software - and much more.
Lynis can be downloaded here.
Learn how to scan your Linux system with Lynis in this Opensource.com tutorial.
Linux Malware Detect (LMD) is a full-featured, open-source malware scanner designed specifically for hosted environments; however, this tool can be used to detect threats on any Linux system. LMD includes a full reporting system where administrators can view both current and past scan results accompanied by email alerts after every scan - along with an array of other useful features. The scanner can be integrated with the ClamAV scanner engine for improved performance.
Microsoft recently announced Project Freta, a free cloud-based malware scanning tool for Linux. The tool uses snapshot-based memory forensics, comparing thousands of images of Linux VMs to identify previously undetected malware.
Learn how to install and use LMD on CentOS/Fedora/Ubuntu/Debian in this Computing for Geeks tutorial.