Are rkhunter and chrootkit still effective linux rootkit scanners?
AFAICT neither have had much activity since the first half of 2014. Are there any other open source linux root scanners out there or reasonable commercial alternatives?
security rootkit rkhunter
asked Jan 17 '16 at 13:36
steveinatorx
I guess your question will be closed, as product recommendations are off-topic here.
– gf_
Jan 17 '16 at 13:45
The question in the title might be relevant, I'll leave that to the community. But there is softwarerecs.stackexchange.com for software product recommendations which are off-topic for SF.
– HBruijn
Jan 31 '16 at 15:07
1 Answer
Can't comment on whether these "are still effective", but regarding (a) alternative(s), have a look at Linux Malware Detect aka LMD. Quoting the website:
Linux Malware Detect (LMD) is a malware scanner for Linux released under the GNU GPLv2 license, that is designed around the threats faced in shared hosted environments. It uses threat data from network edge intrusion detection systems to extract malware that is actively being used in attacks and generates signatures for detection. In addition, threat data is also derived from user submissions with the LMD checkout feature and from malware community resources. The signatures that LMD uses are MD5 file hashes and HEX pattern matches, they are also easily exported to any number of detection tools such as ClamAV.
The driving force behind LMD is that there is currently limited availability of open source/restriction free tools for Linux systems that focus on malware detection and more important that get it right. Many of the AV products that perform malware detection on Linux have a very poor track record of detecting threats, especially those targeted at shared hosted environments. [...]
answered Jan 17 '16 at 13:44
gf_
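The quoted description names two signature types, MD5 file hashes and HEX pattern matches, and they behave differently once a file is altered. The sketch below is an added example, not part of the original answer and not LMD's code; the signature names, the dictionary layout and the sample bytes are all constructed for illustration.

```python
import hashlib

# Constructed, harmless sample standing in for a known-bad file.
KNOWN_SAMPLE = b"<?php /* CONSTRUCTED-TEST-MARKER */ echo 'demo'; ?>\n"

# Signature sets in a made-up layout for this example (not LMD's file format).
MD5_SIGS = {hashlib.md5(KNOWN_SAMPLE).hexdigest(): "demo.md5.sample"}
HEX_SIGS = {"demo.hex.marker": b"CONSTRUCTED-TEST-MARKER".hex()}


def scan_bytes(data, md5_sigs=MD5_SIGS, hex_sigs=HEX_SIGS):
    """Return the sorted names of all signatures that match `data`."""
    hits = []
    # Whole-file hash: matches only a byte-for-byte identical copy.
    name = md5_sigs.get(hashlib.md5(data).hexdigest())
    if name:
        hits.append(name)
    # Hex pattern: matches the byte sequence anywhere in the file.
    for name, hex_pattern in hex_sigs.items():
        if bytes.fromhex(hex_pattern) in data:
            hits.append(name)
    return sorted(hits)


def scan_file(path, **kw):
    """Scan one file on disk with the same logic as scan_bytes()."""
    with open(path, "rb") as fh:
        return scan_bytes(fh.read(), **kw)


if __name__ == "__main__":
    samples = {
        "exact copy": KNOWN_SAMPLE,
        "one byte appended": KNOWN_SAMPLE + b" ",
        "unrelated file": b"#!/bin/sh\necho hello\n",
    }
    for label, data in samples.items():
        print(f"{label:18} -> {scan_bytes(data) or 'clean'}")
```

The hash signature stops matching after a single appended byte while the pattern signature still fires, which is why a scanner that relies on hashes alone needs frequent signature updates to stay useful.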