Author: Ruwantha Nissanka

Scanning for Rootkits with Rootkit Hunter

Rootkits are exceedingly nasty pieces of malware that can definitely ruin your day. They can listen for commands from their masters, steal sensitive data and send it to their masters, or provide an easy-access back door for their masters. They're designed to be stealthy, with the ability to hide themselves from plain view.

Install Rootkit Hunter

For Ubuntu, Rootkit Hunter is in the normal repository. Use the following command to install Rootkit Hunter on your system:

#apt install rkhunter

The next thing you'll need to do is update the rootkit signatures using the --update option:

#rkhunter --update

Scanning for rootkits

To run your scan, use the -c option. (That's -c for check.) Be patient, because it will take a while:

#rkhunter -c

When you run the scan in this manner, Rootkit Hunter will periodically stop and ask you to hit the Enter key to continue. When the scan completes, you'll find an rkhunter.log file in the /var/log directory.

Set Rootkit Hunter to run automatically

To have Rootkit Hunter run automatically as a cron job, you'll want to use the --cronjob option, which will cause the program to run all the way through without prompting you to keep hitting the Enter key. You might also want to use the --rwo option, which will cause the program to report only warnings, instead of also reporting on everything that's good. From...


Securing Linux System With Maldet

Viruses are a real problem for computers that run the Windows operating system. But, as far as anyone has been able to tell, there's no such thing as a virus that can harm a Linux-based operating system. So, the only real reason to run an antivirus solution on a Linux machine is to prevent infecting any Windows machines on your network. If you have a Linux-based email server, Samba server, download server, or any other Linux-based machine that shares files with Windows computers, then installing an antivirus solution is a good idea.

Linux Malware Detect, which you'll often see abbreviated as either LMD or Maldet, is a Free Open Source Software (FOSS) antivirus program that can be installed on a Linux system. When you install it, you'll get a systemd service that's already enabled and a cron job that will periodically update both the malware signatures and the program itself.

Download and install Maldet

Run the following command to download Maldet:

#wget http://www.rfxn.com/downloads/maldetect-current.tar.gz

cd into the directory and run the installer. As you can see, the installer automatically creates the symbolic link that enables the maldet service, and it also automatically downloads and installs the newest malware signatures. Once the installer finishes, copy the README file to your own home directory so that you can have it for ready reference. (This README file is the documentation for...


Application Sandboxing with Firejail in Linux

If you have an untrusted application that needs to be run on your Linux system, you can use a sandbox to run the application in a limited environment. In this way you can use the untrusted application without worrying about the security of your system. Sandboxing with Firejail uses namespaces, SECCOMP, and kernel capabilities to run untrusted applications in their own individual sandboxes. This can help prevent data leakage between applications, and it can help prevent malicious programs from damaging your system.

Installing Firejail

To install Firejail on your Debian/Ubuntu/Raspbian machine, use the following commands:

#apt update
#apt install firejail

After installing, you can run the following command to check the installed version:

#firejail --version

Firejail Profiles

When you invoke an application with Firejail, it will automatically load the correct profile for that application, if one exists. If you invoke an application that doesn't have a profile, Firejail will just load a generic one. To see the profiles, cd into /etc/firejail and take a look.

Running an application using Firejail

The simplest way to use Firejail is to preface the name of the application you want to run with firejail. Let's start with cherrytree:

#firejail cherrytree

In the following figure we can see what the terminal window looks like when we run the application in a limited environment.

Tracking Sandboxes

You can also check whether your application is running in a sandbox or...



ABOUT ME..!

My name is Surendra Kumar Anne. I hail from Vijayawada, which is the cultural capital of the south Indian state of Andhra Pradesh. I am a Linux evangelist who believes in hard work, a down-to-earth person, likes to share knowledge with others, loves dogs, likes photography. At present I work at Bank of America as Sr. Analyst, Systems and Administration. You can contact me at surendra (@) linuxnix dot com.