Unix: Rootkit detection and prevention

If a rootkit is hiding files, processes, log-ins, etc., how would you know? If you can't see it, how would you remove it?

Page 2 of 2

The best defense is, as you'd likely suspect, to follow the security guidelines that help keep the cyberscum from getting a root-level foothold on your system in the first place. These include:

    • running a firewall
    • using good passwords
    • never sharing the root password
    • using sudo to grant specific root privileges only where they are needed, instead of handing out a root shell
    • exercising the principle of least privilege
    • keeping software up-to-date
    • reducing the attack surface of your system by not running any services you don't absolutely need
    • knowing what software should be running on every system you administer, so that anything unexpected stands out
    • allowing only encrypted communications links (for example ssh rather than telnet or rsh) and shutting down everything else
    • patching regularly
    • monitoring log files
    • using an intrusion detection system (IDS)

In next week's post, we'll look at some tools and techniques that you can use to help determine if your system might be compromised.

Read more of Sandra Henry-Stocker's Unix as a Second Language blog and follow the latest IT news at ITworld, Twitter and Facebook.
