Rootkit scanner
Project information
Rootkit scanner is a scanning tool to ensure you, for about 99.9%*, that you're clean of nasty tools. This tool scans for rootkits, backdoors and local exploits by running tests like:
- MD5 hash compare
- Look for default files used by rootkits
- Wrong file permissions for binaries
- Look for suspected strings in LKM and KLD modules
- Look for hidden files
- Optional scan within plaintext and binary files
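The checks listed above, as an added example that is not rkhunter's own code: a hash compare against a recorded baseline, a permission check on binaries, a search for hidden files under dev/ and a search for marker strings in kernel-module files, all run over a constructed sandbox tree in a temporary directory instead of the live system. The tree layout, the file names and the SUSPECT_STRINGS marker list are assumptions made for the example; rkhunter ships its own file and signature databases. The hash step uses GNU md5sum to mirror the "MD5 hash compare" above; sha256sum is a drop-in replacement with far better collision resistance.

```shell
#!/bin/sh
# Added example, not rkhunter's own code: rkhunter-style checks run over a
# constructed sandbox tree rather than the live system.

# Build a constructed sample tree in a temp dir: two "binaries", two kernel
# module stubs and a hidden file under dev/. Prints the tree's root path.
make_sample_tree() {
  root=$(mktemp -d)
  mkdir -p "$root/bin" "$root/lib/modules" "$root/dev"
  printf 'echo original\n' > "$root/bin/ls"
  printf 'echo original\n' > "$root/bin/ps"
  chmod 0755 "$root/bin/ls" "$root/bin/ps"
  printf 'module data\n' > "$root/lib/modules/clean.ko"
  printf 'contains hide_proc marker\n' > "$root/lib/modules/odd.ko"   # constructed marker
  printf 'x\n' > "$root/dev/.hidden_cfg"                              # constructed hidden file
  printf '%s\n' "$root"
}

# Record a baseline of MD5 hashes for every file under $1/bin into $2.
# sha256sum is a drop-in replacement with far better collision resistance.
make_baseline() {
  ( cd "$1" && find bin -type f -print0 | sort -z | xargs -0 md5sum ) > "$2"
}

# Re-hash the tree and compare with the baseline in $2; the exit status is
# non-zero and the changed paths are printed when any binary differs.
check_hashes() {
  ( cd "$1" && md5sum --check --quiet "$2" 2>/dev/null )
}

# Count world-writable files under $1/bin; a replaced binary left writable,
# or an admin mistake, both show up here.
count_bad_perms() {
  find "$1/bin" -type f -perm -o+w | wc -l | tr -d ' '
}

# Count hidden (dot-prefixed) regular files under $1/dev; a real /dev holds none.
count_hidden_in_dev() {
  find "$1/dev" -type f -name '.*' | wc -l | tr -d ' '
}

# Count module files under $1/lib/modules that contain a marker string.
# SUSPECT_STRINGS is a constructed placeholder; rkhunter ships its own list.
SUSPECT_STRINGS='hide_proc|hide_file'
count_suspect_modules() {
  grep -lE "$SUSPECT_STRINGS" "$1"/lib/modules/*.ko 2>/dev/null | wc -l | tr -d ' '
}

# Run the checks on a clean tree, then tamper with one binary and run them again.
run_demo() {
  root=$(make_sample_tree)
  base="$root/baseline.md5"
  make_baseline "$root" "$base"
  check_hashes "$root" "$base" && echo "hashes match baseline"
  echo "world-writable binaries: $(count_bad_perms "$root")"
  echo "hidden files in dev/: $(count_hidden_in_dev "$root")"
  echo "modules with suspect strings: $(count_suspect_modules "$root")"
  printf 'echo replaced\n' > "$root/bin/ps"   # simulate a replaced binary
  chmod 0777 "$root/bin/ps"
  check_hashes "$root" "$base" || echo "hash mismatch detected (paths listed above)"
  echo "world-writable binaries now: $(count_bad_perms "$root")"
  rm -rf "$root"
}
run_demo
```

The baseline only has value if it was recorded while the system was known-clean and is stored where an attacker with root cannot rewrite it (read-only media or a remote host); a hash database kept next to the binaries it protects is the first thing a rootkit installer updates.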
Rootkit Hunter is released as a GPL licensed project and is free for everyone to use.
* No, not really 99.9%.. It's just another security layer
System requirements:
- Compatible operating system (see 'Supported operating systems')
- Bourne Again Shell (BASH)
Supported operating systems
- Most Linux distributions
- Most *BSD distributions
- AIX 4.1.5 / 4.3.3
- ALT Linux
- Aurora Linux
- CentOS 3.1 / 4.0
- Conectiva Linux 6.0
- Debian 3.x
- FreeBSD 4.3 / 4.4 / 4.7 / 4.8 / 4.9 / 4.10
- FreeBSD 5.0 / 5.1 / 5.2 / 5.2.1 / 5.3
- Fedora Core 1 / Core 2 / Core 3
- Gentoo 1.4, 2004.0, 2004.1
- Macintosh OS 10.3.4-10.3.8
- Mandrake 8.1 / 8.2 / 9.0-9.2 / 10.0 / 10.1
- OpenBSD 3.4 / 3.5
- Red Hat Linux 7.0-7.3 / 8 / 9
- Red Hat Enterprise Linux 2.1 / 3.0
- Slackware 9.0 / 9.1 / 10.0 / 10.1
- SME 6.0
- Solaris (SunOS)
- SuSE 7.3 / 8.0-8.2 / 9.0-9.2
- Yellow Dog Linux 3.0 / 3.01
Confirmed to work also on:
- DaNix (Debian clone)
- VectorLinux SOHO 3.2 / 4.0
- CPUBuilders Linux
- Virtuozzo (VPS)
Project related documentation
55808 Trojan - Variant A
Ambient (ark) Rootkit
CiNIK Worm (Slapper.B variant)
Danny-Boy's Abuse Kit
Flea Linux Rootkit
Lockit / LJK2
mod_rootme (Apache backdoor)
NSDAP (RootKit for SunOS)
Optic Kit (Tux)
TBD (Telnet BackDoor)
URK (Universal RootKit)
X-Org SunOS Rootkit
and... some known/unknown sniffers, backdoors like:
Michael Boelen - Project founder
Rootkit Hunter team -
- Rootkit Hunter FAQ
Lynis Enterprise Suite
Open source software provides trust by letting people look into the code. Adjustments are easily made, providing you with a flexible solution for your business. But can you trust systems and software with your data? Lynis provides you with this confidence and helps with auditing your systems. So you can verify yourself and trust!
How it works
Lynis is an open source security auditing tool. Its main goal is to audit and harden Unix and Linux based systems. It scans the system by performing many security control checks. Examples include searching for installed software and determining possible configuration flaws.
Many tests are part of common security guidelines and standards, with additional security tests on top. After the scan a report is displayed with all discovered findings. To provide you with initial guidance, a link to the related Lynis control is shared.
The primary goal of Lynis is to perform a quick scan of your systems and determine room for improvement. Our Lynis Enterprise Suite also uses Lynis as a core component, with much more functionality on top. Lynis Enterprise focuses on companies serious about their information security policy. The main audience is system administrators, security professionals and auditors working for these kinds of companies.
Lynis Enterprise begins where Lynis stops. The Enterprise Suite also includes central management, reporting, action plans and security measurements.
Central management
No more custom scripting, and no more systems deployed without hardening going undetected.
Reporting / Implementation Plan
The reporting capabilities are powerful. For example, they include an overview of the quick wins, or the group of systems with the highest risk rating. This makes it easy for you to determine your priorities. Just check the most important areas first and save a lot of time and effort!
Lynis Plugins
The software functionality can be extended with the help of plugins. Examples:
- Malware detection
- System statistics
Centralized data can be exported and linked to existing systems. The bigger plans also include the use of an API, to easily export data.
Integration possibilities:
- SIEM solutions (event/incident logging)
- Configuration management and automation tools
- CMDB or other ITIL based tooling
The Enterprise solution includes Lynis Collector, a piece of software to handle central collection of data from all systems. Even if your systems do not have direct access to a WAN or internet link, the Collector can act as a proxy.
Get implementation advice, guidance on hardening and see feature requests.
Last, but not least, the proven auditing client Lynis. One of the core components in our solution and already used by thousands of companies and users. You don't want unstable software in your environment and we understand that!
Lynis remains open source and freely available. This way we give back to the community and people can audit their systems for free. At the same time everyone can audit our software. We are confident about our product offering. Join us!
Finding weaknesses in your defenses has become easy with Lynis Enterprise Suite. Do you know yours?
Our Lynis tour below will provide you with more benefits.
Features
If you want to audit your environment, have a look at the features of the full suite.
Perform in-depth technical audits to check if systems are really compliant.
Tired of reading long benchmarks? Just run a security scan with Lynis and know your weaknesses. These findings are great input for your system hardening steps.
With focus on Linux and Unix based systems, the Lynis suite includes a powerful security auditing tool. Check how well your patch management strategy is executed. Also determine if your systems are really configured like you had intended during installation time.
Security incident detection and monitoring
With the right configuration and plugins, Lynis performs a really deep investigation. Almost like a forensics team! Traces of malware and malformed files can be detected.
But we don't stop there. New functionality is continuously being added. Stay tuned!
Users of the Lynis Enterprise version will have additional tools and guidance. This includes additional explanations, scripts and examples on solving findings. For some of the plans this also includes additional code snippets. This way you can make optimal use of your existing configuration management solutions (e.g. Cfengine, Puppet).
Compliance and regulations
Dealing with compliance and regulations? Lynis helps you with taking the right measures. Check the related controls and define your improvement plan. Support is available to audit controls from standards like:
- Basel II
- SOx (Sarbanes-Oxley)
(Audit our promises!)
Lynis does more than simple baseline or compliance checking. Configuring a specific setting is simply not enough. That's why our software will also audit the proper functioning of software. Don't rely on compliance checks alone!
Examples of audit tests:
- Available authentication methods
- Expired SSL certificates
- Outdated or vulnerable software packages
- Time configuration and proper functioning of NTP daemon
- User accounts without password
- Incorrect file permissions
- Configuration errors
- Firewall rules
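Two of the audit tests above, user accounts without a password and incorrect file permissions, as an added example that is not Lynis's own code: a short POSIX shell audit run over a constructed shadow(5)-style sample file instead of the live /etc/shadow. The account names, the hash string and the file are all constructed placeholders made for the example.

```shell
#!/bin/sh
# Added example, not Lynis's own code: two audit checks over a constructed
# shadow-format file rather than the live /etc/shadow.

# Write a constructed shadow(5)-style sample with four accounts: one hashed,
# one disabled ("*"), one with an EMPTY password field (no password needed to
# log in) and one locked ("!"). The hash value is a placeholder, not a real hash.
make_sample_shadow() {
  f=$(mktemp)
  cat > "$f" <<'EOF'
root:$6$constructedsalt$constructedhashvalue:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
guest::19000:0:99999:7:::
backup:!:19000:0:99999:7:::
EOF
  chmod 0644 "$f"   # deliberately too permissive so the mode check has a finding
  printf '%s\n' "$f"
}

# Print the names of accounts whose password field (field 2) is empty.
accounts_without_password() {
  awk -F: '$2 == "" { print $1 }' "$1"
}

# Print "ok" when group and other have no access bits on $1, otherwise print
# the offending six permission characters (a shadow file should be root-only).
check_secret_file_mode() {
  perms=$(ls -l "$1" | cut -c5-10)
  if [ "$perms" = "------" ]; then echo ok; else echo "$perms"; fi
}

# Run both checks, fix the mode, and show that the finding clears.
run_audit() {
  f=$(make_sample_shadow)
  echo "accounts without password: $(accounts_without_password "$f" | tr '\n' ' ')"
  echo "shadow file mode: $(check_secret_file_mode "$f")"
  chmod 0600 "$f"
  echo "after chmod 0600: $(check_secret_file_mode "$f")"
  rm -f "$f"
}
run_audit
```

An empty second field is different from "!" or "*": the latter two disable password login, while an empty field lets the account authenticate with no password at all, which is why an auditor treats it as a finding on its own regardless of the file mode.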
We all know those software "solutions" with high requirements. Starting with a specific database engine, reporting software, a lot of storage and enough CPU cores... To make things worse, licenses for every single component. Not for Lynis!
Lynis is written in shell script. Therefore it runs on most systems, without any adjustments. No alterations, no installation and no third party tools needed. But.. if you still prefer to use software packages, that's completely fine with us!
Most security solutions only provide support for the common Linux versions. We simply love all Unix derived systems. Therefore we can support (almost) all of them. We are confident that Lynis runs on systems which have the common GNU tools available. Feel free to test our promises!
Operating systems which are confirmed to work:
- Arch Linux
- BackTrack Linux
- CentOS, ClearOS
- Debian, DragonFlyBSD
- Fedora Core, FreeBSD
- Kali, Knoppix
- Linux Mint
- MacOS X, Mageia, Mandriva
- OpenBSD, OpenSolaris, openSUSE, Oracle Linux
- PcBSD, PCLinuxOS
- Red Hat Enterprise Linux (RHEL) and derivatives
- Sabayon, Scientific Linux, Slackware, Solaris 10, SuSE
- Ubuntu and derivatives
Lynis is already included in most software repositories. Security, vulnerability and pentesting distributions also include Lynis; for example Kali Linux, ArchAssault and BlackArch have Lynis available.
Other supported software:
- Checkpoint GAiA
- Database servers: MySQL, Oracle, PostgreSQL
- E-mail servers: Postfix, Sendmail
- Identity management: OpenLDAP
- Proxy servers: Squid
- Time daemons: dntpd, ntpd, timed
- Web services: Apache, Nginx, PHP
Regulations are increasing, security incidents show up in the news almost daily. It's no wonder companies start to invest in security programs.
You like to be secure, we like to help! Our goal is to spread our technology to as many companies and individuals as possible. We keep Lynis open source, so individuals and small companies can freely use the software.
Passion for Information Security
For companies who would like the full Lynis Enterprise suite, with additional options and support, we have very affordable pricing. We aren't in it for the money. We are here to help your business and improve the information security field!
Did we already mention we are passionate about our services?
Discover Pricing »
(Good can be very affordable)