Detecting Linux Malware

Anyone who runs a server always runs the risk of picking up a so-called backdoor.

One tool for monitoring your Linux server for existing malware is maldet:

Linux Malware Detect (LMD) is a malware scanner for Linux released under the GNU GPLv2 license, that is designed around the threats faced in shared hosted environments. It uses threat data from network edge intrusion detection systems to extract malware that is actively being used in attacks and generates signatures for detection.

 maldet -a /var/www/
 Linux Malware Detect v1.4.2
        (C) 2002-2013, R-fx Networks <proj@r-fx.org>
        (C) 2013, Ryan MacDonald <ryan@r-fx.org>
 inotifywait (C) 2007, Rohan McGovern <rohan@mcgovern.id.au>
 This program may be freely redistributed under the terms of the GNU GPL v2
 maldet(4950): {scan} signatures loaded: 13716 (11815 MD5 / 1901 HEX)
 maldet(4950): {scan} building file list for /var/www/, this might take awhile...
 maldet(4950): {scan} file list completed, found xxx files...
 maldet(4950): {scan} found ClamAV clamscan binary, using as scanner engine...
 maldet(4950): {scan} scan of /var/www/ (xxxx files) in progress...
 maldet(4950): {scan} scan completed on /var/www/: files xxx, malware hits 0, cleaned hits 0
 maldet(4950): {scan} scan report saved, to view run: maldet --report 020215-2011.4950
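
To use such a scan for ongoing monitoring, its output can be turned into an exit code that cron or a monitoring agent can act on. The following is an added example, not part of the original post or of the LMD project: the function names are hypothetical, and the line formats are those of the v1.4.2 output above, assuming numeric counts where that output shows "xxx".

```shell
#!/bin/sh
# Added example: turn maldet's scan output into a monitoring exit code.
# Function names are hypothetical; the line formats are those of the
# v1.4.2 output shown above, assuming numeric counts where it shows "xxx".

# Print "<files> <hits> <cleaned>" from the last "scan completed" line.
parse_maldet_summary() {
    sed -n 's/.*{scan} scan completed on .*: files \([0-9][0-9]*\), malware hits \([0-9][0-9]*\), cleaned hits \([0-9][0-9]*\).*/\1 \2 \3/p' | tail -n 1
}

# Print the report id from the last "maldet --report <id>" line, if any.
parse_maldet_report_id() {
    sed -n 's/.*maldet --report \([0-9][0-9.-]*\).*/\1/p' | tail -n 1
}

# Read maldet output on stdin. Exit status: 0 = no hits, 1 = hits found,
# 2 = no summary line (scan did not finish or the format changed).
maldet_check() {
    out=$(cat)
    summary=$(printf '%s\n' "$out" | parse_maldet_summary)
    report=$(printf '%s\n' "$out" | parse_maldet_report_id)
    if [ -z "$summary" ]; then
        echo "UNKNOWN: no 'scan completed' line in maldet output"
        return 2
    fi
    read -r files hits cleaned <<EOF
$summary
EOF
    if [ "$hits" -gt 0 ]; then
        echo "ALERT: $hits hit(s) in $files files, $cleaned cleaned; see: maldet --report ${report:-unknown}"
        return 1
    fi
    echo "OK: $files files scanned, no malware hits"
    return 0
}

# Constructed sample output (not from a real scan).
SAMPLE_CLEAN=' maldet(4950): {scan} scan completed on /var/www/: files 1520, malware hits 0, cleaned hits 0
 maldet(4950): {scan} scan report saved, to view run: maldet --report 020215-2011.4950'
SAMPLE_HIT=' maldet(5121): {scan} scan completed on /var/www/: files 1520, malware hits 2, cleaned hits 0
 maldet(5121): {scan} scan report saved, to view run: maldet --report 030215-0300.5121'

# Real use (e.g. from cron): maldet -a /var/www/ | maldet_check
```

Exit status 2 matters as much as 1: a scan that aborts before printing its summary line must not be read as a clean result.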

As always: it is one building block alongside others such as rkhunter, chkrootkit, etc.