What is a rootkit? A rootkit is a set of tools with the goal to hide its presence and to continue providing system access to an attacker. The word rootkit comes from the root user, which is the administrator account on Linux systems and Unix-clones. The kit refers to a toolkit, or a set of tools. Hiding by manipulation The tools in the rootkit are typically altered binaries that provide an alternative truth. They will display everything a typical command would do, except those parts that [...]
The post Detecting Linux rootkits appeared first on Linux Audit.