Otdfbt

How to chain Python function calls so the behaviour is as follows

Payment instructions allegedly from HomeAway look fishy to me

How water is heavier than petrol eventhough its molecular weight less than petrol?

Different pedals/effects for low strings/notes than high

Where does "0 packages can be updated." come from?

Can a user sell my software (MIT license) without modification?

Soft question: Examples where lack of mathematical rigour cause security breaches?

Frame failure sudden death?

What is the actual quality of machine translations?

Should I give professor gift at the beginning of my PhD?

How can drunken, homicidal elves successfully conduct a wild hunt?

How did students remember what to practise between lessons without any sheet music?

Passing multiple files through stdin (over ssh)

Can the poison from Kingsmen be concocted?

Confusion about off peak timings of London trains

HT12e: How is this a 2¹² encoder?

Find the Factorial From the Given Prime Relationship

Russian equivalents of "no love lost"

Why doesn't Adrian Toomes give up Spider-Man's identity?

Scrum Master role: Reporting?

Is it possible to 'live off the sea'

How did they achieve the Gunslinger's shining eye effect in Westworld?

Is an early checkout possible at a hotel before its reception opens?

How does a transformer increase voltage while decreasing the current?

Are rkhunter and chrootkit still effective linux rootkit scanners?

Tripwire and alternativesHow do I deal with a compromised server?Our security auditor is an idiot. How do I give him the information he wants?Crontab and rkhunter SchedulingRkhunter triggered last night warning for a possible infection. What next?Is there an open source equivalent of Windows software restriction policies for Linux?Heartbleed: What is it and what are options to mitigate it?RKHunter reported processes that are using deleted files or are listening on the networkWhat to do if rkhunter finds a possible rootkit?rkhunter reports suspicious activity /bin/usr/wget and killall permissions changed

.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty height:90px;width:728px;box-sizing:border-box;

0

AFAICT neither have had much activity since the first half of 2014. Are there any other open source linux root scanners out there or reasonable commercial alternatives?

security rootkit rkhunter

share|improve this question

asked Jan 17 '16 at 13:36

steveinatorxsteveinatorx

1013

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  I guess your question will be closed, as product recommendations are off-topic here.
  
  – gf_
  Jan 17 '16 at 13:45
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  The question in the title might be relevant, I'll leave that to the community. But there is softwarerecs.stackexchange.com for software product recommendations which are off-topic for SF.
  
  – HBruijn
  Jan 31 '16 at 15:07
  

  
  
  
  

add a comment | 

0

AFAICT neither have had much activity since the first half of 2014. Are there any other open source linux root scanners out there or reasonable commercial alternatives?

security rootkit rkhunter

share|improve this question

asked Jan 17 '16 at 13:36

steveinatorxsteveinatorx

1013

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  I guess your question will be closed, as product recommendations are off-topic here.
  
  – gf_
  Jan 17 '16 at 13:45
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  The question in the title might be relevant, I'll leave that to the community. But there is softwarerecs.stackexchange.com for software product recommendations which are off-topic for SF.
  
  – HBruijn
  Jan 31 '16 at 15:07
  

  
  
  
  

add a comment | 

AFAICT neither have had much activity since the first half of 2014. Are there any other open source linux root scanners out there or reasonable commercial alternatives?

security rootkit rkhunter

share|improve this question

asked Jan 17 '16 at 13:36

steveinatorxsteveinatorx

1013

share|improve this question

asked Jan 17 '16 at 13:36

steveinatorxsteveinatorx

1013

share|improve this question

asked Jan 17 '16 at 13:36

steveinatorxsteveinatorx

1013

asked Jan 17 '16 at 13:36

steveinatorxsteveinatorx

1013

asked Jan 17 '16 at 13:36

steveinatorxsteveinatorx

1013

1 Answer
1

active

oldest

votes

1

Can't comment on whether these "are still effective", but regarding (a) alternative(s), have a look at Linux Malware Detect aka LMD. Quoting the website:

Linux Malware Detect (LMD) is a malware scanner for Linux released under the GNU GPLv2 license, that is designed around the threats faced in shared hosted environments. It uses threat data from network edge intrusion detection systems to extract malware that is actively being used in attacks and generates signatures for detection. In addition, threat data is also derived from user submissions with the LMD checkout feature and from malware community resources. The signatures that LMD uses are MD5 file hashes and HEX pattern matches, they are also easily exported to any number of detection tools such as ClamAV.

The driving force behind LMD is that there is currently limited availability of open source/restriction free tools for Linux systems that focus on malware detection and more important that get it right. Many of the AV products that perform malware detection on Linux have a very poor track record of detecting threats, especially those targeted at shared hosted environments. [...]

share|improve this answer

answered Jan 17 '16 at 13:44

gf_gf_

4,40221335

add a comment | 

Your Answer

StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "2"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);



);

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name

Email

Required, but never shown

StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f749729%2fare-rkhunter-and-chrootkit-still-effective-linux-rootkit-scanners%23new-answer', 'question_page');

);

Post as a guest

Name

Email

Required, but never shown

1

Can't comment on whether these "are still effective", but regarding (a) alternative(s), have a look at Linux Malware Detect aka LMD. Quoting the website:

Linux Malware Detect (LMD) is a malware scanner for Linux released under the GNU GPLv2 license, that is designed around the threats faced in shared hosted environments. It uses threat data from network edge intrusion detection systems to extract malware that is actively being used in attacks and generates signatures for detection. In addition, threat data is also derived from user submissions with the LMD checkout feature and from malware community resources. The signatures that LMD uses are MD5 file hashes and HEX pattern matches, they are also easily exported to any number of detection tools such as ClamAV.

The driving force behind LMD is that there is currently limited availability of open source/restriction free tools for Linux systems that focus on malware detection and more important that get it right. Many of the AV products that perform malware detection on Linux have a very poor track record of detecting threats, especially those targeted at shared hosted environments. [...]

share|improve this answer

answered Jan 17 '16 at 13:44

gf_gf_

4,40221335

add a comment | 

1

Can't comment on whether these "are still effective", but regarding (a) alternative(s), have a look at Linux Malware Detect aka LMD. Quoting the website:

Linux Malware Detect (LMD) is a malware scanner for Linux released under the GNU GPLv2 license, that is designed around the threats faced in shared hosted environments. It uses threat data from network edge intrusion detection systems to extract malware that is actively being used in attacks and generates signatures for detection. In addition, threat data is also derived from user submissions with the LMD checkout feature and from malware community resources. The signatures that LMD uses are MD5 file hashes and HEX pattern matches, they are also easily exported to any number of detection tools such as ClamAV.

The driving force behind LMD is that there is currently limited availability of open source/restriction free tools for Linux systems that focus on malware detection and more important that get it right. Many of the AV products that perform malware detection on Linux have a very poor track record of detecting threats, especially those targeted at shared hosted environments. [...]

share|improve this answer

answered Jan 17 '16 at 13:44

gf_gf_

4,40221335

add a comment | 

Can't comment on whether these "are still effective", but regarding (a) alternative(s), have a look at Linux Malware Detect aka LMD. Quoting the website:

Linux Malware Detect (LMD) is a malware scanner for Linux released under the GNU GPLv2 license, that is designed around the threats faced in shared hosted environments. It uses threat data from network edge intrusion detection systems to extract malware that is actively being used in attacks and generates signatures for detection. In addition, threat data is also derived from user submissions with the LMD checkout feature and from malware community resources. The signatures that LMD uses are MD5 file hashes and HEX pattern matches, they are also easily exported to any number of detection tools such as ClamAV.

The driving force behind LMD is that there is currently limited availability of open source/restriction free tools for Linux systems that focus on malware detection and more important that get it right. Many of the AV products that perform malware detection on Linux have a very poor track record of detecting threats, especially those targeted at shared hosted environments. [...]

share|improve this answer

answered Jan 17 '16 at 13:44

gf_gf_

4,40221335

share|improve this answer

answered Jan 17 '16 at 13:44

gf_gf_

4,40221335

answered Jan 17 '16 at 13:44

gf_gf_

4,40221335

answered Jan 17 '16 at 13:44

gf_gf_

4,40221335