Language Selection

English French German Italian Portuguese Spanish

Rootkit levels of infection and mitigation

Filed under
HowTos

Hackers don many disguises in order to sneak past IT security guards. The rootkit, one of the most effective disguises, not only masks the intruder, but covers his trail.

The rootkit's origins are deeply rooted in early methods of "backdooring" Unix-based workstations and servers. Current examples encompass a variety of functions and features that further improve upon existing methods (where they don't redefine them outright). Today, the term rootkit is divorced from operating system dependency. While a strong security implementation can help mitigate the effectiveness of rootkit installation, removal of such malware is -- unfortunately -- an inexact science, and usually requires a drive format and full re-installation of the original operating system to ensure a clean and proper restoration.

Understanding this basic principle illustrates precisely why attempts to remove a determined rootkit can be impractical. The very tools used to identify such threats are susceptible to direct manipulation by these threats. One such popular tool used for rootkit detection is chkrootkit[1], which can currently identify 60 known Linux-based rootkits.

Full Story.

More in Tux Machines

Linux Kernel 4.9.5 Released with Updated Radeon Drivers, KVM and PPC Fixes

A new maintenance update of the Linux 4.9 kernel series was announced today by renowned Linux kernel maintainer and developer Greg Kroah-Hartman, versioned 4.9.5. Coming only five days after the previous point release, Linux kernel 4.9.5 appears to be a big milestone that changes a total of 132 files, with 1515 insertions and 821 deletions. There are numerous improvements implemented in this fifth Linux 4.9 maintenance update, but first we'd like to remind you that Greg Kroah-Hartman recently marked this kernel branch as long-term supported (LTS), yet this is not apparent from kernel.org. Read more

Linux-based IoT gateway certified for Azure

IonSign’s “Gluon GMU491 Cloud Gateway” runs Debian on a TI Sitara SoC and aggregates multiple sensor and Modbus inputs for Azure and AWS. Finland-based IonSign has begun shipping an IoT gateway billed as a “complete industrial grade production unit for data collection and edge computing.” The Debian Linux based Gluon GMU491 Cloud Gateway is designed for collecting sensor, meter, fieldbus, or automation system data and packaging it for direct delivery to commercial cloud platforms. Read more

Red Hat Financial News