How in the world is a regular non-root user going to install a rootkit on a Linux workstation?
Just askin!

Ted

-----Original Message-----
From: PLUG <plug-boun...@lists.pdxlinux.org> On Behalf Of MC_Sequoia
Sent: Thursday, January 25, 2024 10:34 PM
To: Portland Linux/Unix Group <plug@lists.pdxlinux.org>
Subject: Re: [PLUG] virus check methods

"what do you recommend I should do to make sure none of us are compromised, have trojans, etc?"

As a long-time Debian user and former Sys-Admin, I'd suggest starting with ClamAV and a rootkit scanner. Here's a link to some good info on how to install and use both:

https://upcloud.com/resources/tutorials/scan-debian-server-malware

ClamAV can also be set up to run like any desktop AV app on Windows. Rootkits are an entirely different beast and I never had to deal with them.

Here are some more malware and security tools that I found that I'm not familiar with, so I'd suggest doing a bit of research:

https://linuxsecurity.com/features/the-three-best-tools-you-need-to-scan-your-linux-system-for-malware

Lastly, if you're not familiar with hardening a Debian system and/or you don't know if it has been done, I'd highly recommend getting educated on it ASAP. Here's a good place to start:

https://www.debian.org/doc/manuals/securing-debian-manual/automatic-harden.en.html

I'm stoked to actually know someone who knows what Siduction is and runs it! I ran Sidux as my production desktop for a few years and just loved it. I've been running Bunsen-Labs since they lost the right to use the name and went to Aptosid. Blech, I vomit in my mouth a lil' whenever I even think of it...