This guide walks through a real incident where a Linux server was hijacked by a mining virus, detailing step‑by‑step emergency response, systematic forensic investigation, cleanup procedures, and hardening measures to prevent future breaches, complete with scripts and best‑practice recommendations.
This article details a real‑world Linux server intrusion, describing the observed symptoms, the forensic investigation using commands like ps, top, last, and grep, the removal of malicious cron jobs and backdoors, and the lessons learned for securing SSH, file attributes, and cloud security groups.
This article reviews the ten most effective Linux antivirus tools, explains why protection is essential despite Linux's inherent security, and provides concise descriptions of each solution—including Avast, Chkrootkit, ESET NOD32, F‑PROT, Panda Cloud Cleaner, Rootkit Hunter, ClamAV, Firetools, Comodo, and Sophos—to help users choose the right protection for their systems.
This article documents a real‑world Linux server compromise, detailing the observed symptoms, forensic commands, malicious scripts, file‑locking tricks, and a step‑by‑step remediation process including SSH hardening, cron cleanup, chattr usage, and preventive security recommendations.
This article reviews the most effective Linux antivirus solutions, explains why antivirus protection is still needed on Linux servers despite the platform's inherent security, and provides detailed descriptions of each tool along with installation guidance and usage tips.
This article details a real‑world Linux server compromise, describing the symptoms, possible causes, investigative commands, hidden malicious scripts, file attribute locks, and practical remediation steps to restore the system and improve future security.
Researchers from Intezer and BlackBerry uncovered Symbiote, a novel Linux rootkit that loads as a shared library via LD_PRELOAD, hijacks libc and libpcap, uses BPF hooking to hide malicious traffic, and targets credential theft and remote access, especially in Latin American financial sectors.
While eBPF powers modern cloud‑native networking and observability, attackers can exploit its kernel hooks to create stealthy rootkits that manipulate packets, rewrite files, and persist across reboots, so security teams must harden privileges, monitor BPF syscalls, audit loaded programs, and employ signature verification and LSM controls to detect and mitigate these threats.
This comprehensive guide walks Linux administrators through critical security hardening steps—including account and login safeguards, remote access controls, filesystem protection, rootkit detection tools, and post‑attack response procedures—to dramatically reduce server vulnerabilities and maintain robust system integrity.
This guide walks operations engineers through comprehensive Linux hardening techniques—including account and login protection, unnecessary service removal, password and key authentication policies, proper use of sudo, system welcome message sanitization, file‑system safeguards, and practical rootkit detection with chkrootkit and RKHunter—plus a step‑by‑step response plan for compromised servers.
This guide outlines comprehensive Linux security hardening steps—including account protection, service minimization, password policies, sudo usage, file system safeguards, rootkit detection tools, and post‑attack response—to help operations teams secure their servers against common threats.
This article walks through a real‑world Linux server compromise, detailing the symptoms, forensic commands, rootkit discovery, attack vector via an Awstats vulnerability, and provides a comprehensive recovery checklist for securing the system.
This article details a real‑world Linux rootkit intrusion, describing the symptoms, forensic analysis techniques, evidence uncovered, the underlying Awstats vulnerability, and a comprehensive remediation plan to secure the server and prevent future compromises.
This guide presents a comprehensive Linux security hardening checklist covering account and login safety, unnecessary service removal, password and key authentication policies, sudo usage, filesystem protection, remote access safeguards, rootkit detection tools, and step‑by‑step incident response for compromised servers.
This article outlines comprehensive Linux security measures—including account hardening, remote access protection, file system safeguards, rootkit detection tools, and step‑by‑step post‑attack response—to help system administrators strengthen server defenses and quickly recover from compromises.
This guide reviews eight free Linux antivirus tools—ClamAV, ClamTk, ChkrootKit, Rootkit Hunter, Comodo, Sophos, BitDefender, and F‑PROT—detailing their key capabilities, platform support, and how they help protect servers and workstations from malware and rootkits.
This article explains how vulnerabilities, backdoors, and various Oracle rootkit techniques—ranging from simple package tricks to OS‑level and memory‑level attacks—allow attackers to maintain persistent, hidden access to databases, and it offers concrete detection and mitigation strategies.
After a sudden network outage, the author discovers a Linux virtual machine consuming all upstream bandwidth, uncovers a hidden rootkit through process inspection, and documents step‑by‑step methods—including disabling the NIC, using strace, and forcibly removing malicious binaries—to remediate the infection.
This article recounts a real‑world incident on an Ubuntu 12.04 server where massive outbound traffic was traced to a hidden trojan, detailing step‑by‑step investigation, identification of malicious processes, removal techniques, and preventive hardening measures.
The CVE‑2016‑4971 vulnerability in older wget versions allows attackers to redirect HTTP downloads to malicious FTP resources, causing hidden .bash_profile files to be written and executed, which can grant full host compromise and rootkit installation.
This guide walks you through eleven systematic Linux security checks—including account inspection, log review, process analysis, file integrity, RPM verification, network monitoring, scheduled tasks, backdoor detection, kernel modules, services, and rootkit scans—to help identify potential system compromises.
This article walks through a real-world Linux server compromise, detailing the attack symptoms, forensic analysis steps, rootkit discovery, exploitation of an Awstats script vulnerability, and practical remediation measures to restore and harden the affected system.
This article details a real‑world Linux server intrusion, showing how a rootkit exploited an Awstats script vulnerability, the forensic steps to identify malicious processes, hidden files, and compromised accounts, and the recommended remediation actions to restore a secure environment.
