Find and Remove Backdoors on a Linux Server
This article introduces three tools that can help you identify and remove rootkits and other malware on your server.
Please note: The programs used do not guarantee that every backdoor is found. You can only be truly sure after reinitializing the server.
Detect rootkits with rkhunter
Rootkit Hunter checks your server for known rootkits.
Download rkhunter:
wget http://downloads.sourceforge.net/project/rkhunter/rkhunter/1.4.2/rkhunter-1.4.2.tar.gz
Unpacking:
tar xfz rkhunter-1.4.2.tar.gz
Select the default profile and perform the installation:
sudo ./rkhunter-1.4.2/installer.sh --layout default --install
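Update the known-bad and known-good hash database (--propupd records the current file properties as the baseline, so that baseline is only meaningful if those files are still clean):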
sudo /usr/local/bin/rkhunter --update --propupd
Run the check:
sudo /usr/local/bin/rkhunter --check
Further information and the rkhunter manual can be found on the official website.
ClamAV - The anti-virus scanner for Linux and Windows
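When rkhunter --check has finished, its findings are in the log file. The script below is an added example, not part of the original article or of rkhunter itself: it condenses the log's Warning entries into one line per finding. It assumes the default log location /var/log/rkhunter.log and the "[HH:MM:SS] Warning: ..." line layout of the constructed sample; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: condense rkhunter log warnings into one line per finding.
# Assumed log layout: "[HH:MM:SS] Warning: <text>" followed by indented detail lines.

# write_sample_log PATH: writes a constructed log excerpt (hashes are dummy values).
write_sample_log() {
    cat > "$1" <<'EOF'
[10:57:01] Info: Start date is (constructed sample)
[10:57:40]   /usr/bin/curl                                   [ Warning ]
[10:57:40] Warning: The file properties have changed:
[10:57:40]          File: /usr/bin/curl
[10:57:40]          Current hash: 1111111111111111111111111111111111111111
[10:57:40]          Stored hash : 2222222222222222222222222222222222222222
[10:58:12]   Checking for hidden files and directories       [ Warning ]
[10:58:12] Warning: Hidden directory found: /dev/.udev
[10:58:30] Info: End date is (constructed sample)
EOF
}

# rkh_triage LOG: prints "PROPS<TAB>path" for changed file properties,
# "WARN<TAB>text" for every other warning.
rkh_triage() {
    awk '
    function emit() {
        if (!inrec) return
        if (msg ~ /file properties have changed/ && file != "")
            print "PROPS\t" file
        else
            print "WARN\t" msg
        inrec = 0; msg = ""; file = ""
    }
    { line = $0; sub(/^\[[0-9:]+\] ?/, "", line) }   # drop the timestamp prefix
    line ~ /^Warning: / { emit(); msg = substr(line, 10); inrec = 1; next }
    inrec && line ~ /^[ \t]+[^ \t]/ {                # indented detail of the open warning
        sub(/^[ \t]+/, "", line)
        if (line ~ /^File: /) file = substr(line, 7)
        next
    }
    { emit() }
    END { emit() }' "$1"
}

# With no argument, run on the constructed sample; otherwise on the given log
# (rkhunter default: /var/log/rkhunter.log).
if [ -n "${1:-}" ]; then
    rkh_triage "$1"
else
    t=$(mktemp); write_sample_log "$t"; rkh_triage "$t"; rm -f "$t"
fi
```

A PROPS line means a binary differs from the stored baseline and should be compared against the distribution package before it is trusted again.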
The open source anti-virus scanner ClamAV is available for the operating systems Windows, Linux, BSD, Solaris and Mac OS X. Installation packages and source code can be downloaded from the official website.
A description of the installation on different operating systems can be found here.
Maldetect (Linux Malware Detect)
Maldetect is a ClamAV-based malware scanner for Linux. A working ClamAV installation is therefore a prerequisite for using Maldetect.
Download:
wget http://www.rfxn.com/downloads/maldetect-current.tar.gz
Unpacking:
tar xfz maldetect-current.tar.gz
Start the installation (replace 1.x.x with the current version number):
./maldetect-1.x.x/install.sh
Update malware definitions:
maldet -u
View the list of suspicious files (the log name appears after the scan is complete):
maldet --report xxxxxx-xxxx.xxxx
More information about Linux Malware Detect can be found on the official website.