Best rootkit removal tool for a server?

security software-recommendation server rootkit tools

There are no automated rootkit removal tools for Ubuntu, only tools to check for rootkits.

chkrootkit and rkhunter are fairly robust tools when it comes to detecting rootkits, but they're only as good as their rules. Also look into tripwire, which checks critical files for changes.

You should have all of the above run regularly via cron.


If your system has a rootkit, you should:

  1. Collect any information about running processes on your machine.
  2. Make a copy of RAM and your harddrive.
  3. reformat/repartition your harddrive(s)
  4. Install a new system/restore your backup.

The first two points are useful, if you want to investigate in that issue. Maybe it is also useful to don't touch the system until your investigation has ended.

In case of a rootkit some other person had probably full access of your computer. So it is important to completely remove the old system. Thatswhy you should reformat your drive. If your lucky and have a recent backup, you have to restore it and you're done. If not, you have to reinstall the system. This is the only way to securely remove the rootkit and to come up with a clean system.

Related

External usb 3.0 hard drive is not recognised when plugged into usb 3 port
How to share files/folders between two different Ubuntu computers and are on different network?
Showing all installed programs in Ubuntu
Does Lubuntu use all the latest drivers etcetera?
How to open multi terminal on Ubuntu server?
how to increase mouse movement speed in ubuntu 16.04
Is there any video player that plays Youtube playlists? [duplicate]
rotating screen 90 degrees clockwise
Mountall fails on startup
How to find what packages do not come from a repository? [duplicate]
Can't boot ubuntu 13.10 after install Fedora 20 on a x86_64 EFI machine
How do I make Ubuntu use only free software?