
Module: Malware / Rootkit Check

Open Kovah opened this issue 6 years ago • 1 comments

Implement a module that runs anti-malware checks, for example like rkhunter:

Performing file properties checks
    Checking for prerequisites                               [ OK ]
    /usr/sbin/adduser                                        [ OK ]
    /usr/sbin/chroot                                         [ OK ]
    /usr/sbin/cron                                           [ WARNING ]
    /usr/sbin/groupadd                                       [ OK ]
    /usr/sbin/groupdel                                       [ OK ]
    /usr/sbin/groupmod                                       [ OK ]
...

Performing check of known rootkit files and directories
    55808 Trojan - Variant A                                 [ Not found ]
    ADM Worm                                                 [ Not found ]
    AjaKit Rootkit                                           [ Not found ]
    Adore Rootkit                                            [ Not found ]
    aPa Kit                                                  [ Not found ]
    Apache Worm                                              [ Not found ]
    Ambient (ark) Rootkit                                    [ Not found ]
    Balaur Rootkit                                           [ Not found ]
    BeastKit Rootkit                                         [ Not found ]
    beX2 Rootkit                                             [ Not found ]
...

Could also display bold warnings like "Machine infected" or something like that.

Kovah avatar Jun 01 '18 16:06 Kovah

Yeah that would be cool!

svenstaro avatar Jun 01 '18 20:06 svenstaro

I'll try to implement this in the coming days.

Kovah avatar Aug 29 '22 08:08 Kovah