Asked Tuesday, July 19, 2022 · answers: 1 · hits: 9025

To my understanding, rootkits on Linux infect the kernel to get root privileges, and there are many scanners (I use rkhunter) to scan for rootkits in the kernel, but I have yet to find a program that would remove rootkits.

How would I remove a rootkit in Linux? Would I have to download the same kernel and replace the infected files? What is the best way to go about doing this?



Answers

The intrinsic problem with a rootkit is that it worms its way deep into your operating system; if you are infected with one, there is no safe way to eliminate it from within the rooted operating system, because if your kernel is compromised, you can't trust anything it says about your files, etc.

Thus, to eliminate a rootkit, you have to shut down the OS and manipulate the file system from another OS, and in such a case it's probably less costly to simply reinstall the operating system rather than try to audit the existing system and repair any rooted components.



As @Cumulus007 points out, the incidence of a rootkit on a desktop-usage Linux system is very low. The odds are a little worse for a server-usage installation, but still very low.


[#36296] Tuesday, July 19, 2022
shadowoof
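The procedure in the answer above, inspecting the suspect disk from a separate, trusted OS instead of asking the compromised kernel about its own files, can be turned into a small script. This is an added example, not code from the original question or answer. It assumes the suspect root filesystem has been mounted read-only from a rescue or live system at a path such as /mnt/suspect (an assumed path), and that a trusted manifest of sha256 sums (one "hash  relative/path" line per file) was produced somewhere you trust, e.g. a clean install of the same package versions. The demo function builds a constructed clean/suspect tree in a temporary directory so the script can be run without a real rescue boot.

```shell
#!/bin/sh
# Offline integrity check of a mounted, NOT booted, root filesystem against a
# trusted manifest. Added example; the manifest format and the /mnt/suspect
# mount point are assumptions, not something the original page specifies.

# Hash helper: prefer GNU sha256sum, fall back to shasum (e.g. on BSD/macOS).
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | cut -d' ' -f1
  else
    shasum -a 256 "$1" | cut -d' ' -f1
  fi
}

# verify_tree ROOT MANIFEST
# ROOT     = mount point of the suspect filesystem (e.g. /mnt/suspect)
# MANIFEST = trusted file of "sha256  relative/path" lines, built elsewhere
# Prints one line per missing or modified file; prints nothing if all match.
# Always returns 0 so it is safe under "set -e"; count the lines it prints.
verify_tree() {
  root=$1
  manifest=$2
  while read -r expected relpath; do
    [ -n "$relpath" ] || continue          # skip blank lines
    f="$root/$relpath"
    if [ ! -f "$f" ]; then
      printf 'MISSING  %s\n' "$relpath"    # file removed or hidden on disk
      continue
    fi
    actual=$(sha256_of "$f")
    if [ "$actual" != "$expected" ]; then
      printf 'MODIFIED %s\n' "$relpath"    # contents differ from trusted copy
    fi
  done < "$manifest"
}

# Constructed demo: a "clean" tree (stand-in for a trusted reference install)
# and a "suspect" tree where one binary was replaced and one is missing.
# Returns the number of files verify_tree flags on the suspect tree.
demo_mismatch_count() {
  tmp=$(mktemp -d)
  mkdir -p "$tmp/clean/bin" "$tmp/suspect/bin"
  printf 'original ls\n'      > "$tmp/clean/bin/ls"
  printf 'original ps\n'      > "$tmp/clean/bin/ps"
  printf 'original netstat\n' > "$tmp/clean/bin/netstat"
  cp "$tmp/clean/bin/ls" "$tmp/suspect/bin/ls"      # untouched binary
  printf 'trojaned ps\n' > "$tmp/suspect/bin/ps"    # simulated replaced binary
  # (bin/netstat deliberately absent from the suspect tree)

  # Build the manifest from the clean tree, the way you would on a trusted host.
  ( cd "$tmp/clean" && find . -type f | sed 's|^\./||' | sort | \
      while read -r p; do printf '%s  %s\n' "$(sha256_of "$p")" "$p"; done ) \
      > "$tmp/manifest"

  verify_tree "$tmp/suspect" "$tmp/manifest" | wc -l | tr -d ' '
  rm -rf "$tmp"
}

# Real use from a rescue system, with the suspect disk mounted read-only:
#   verify_tree /mnt/suspect /root/trusted-manifest.sha256
```

Two caveats a practitioner should keep in mind. First, the manifest must not come from the suspect disk's own package database (dpkg's per-package md5sums files or the rpm database), because a rootkit that can patch binaries can patch the checksums it will be compared against; build it from a clean install or freshly downloaded packages instead. Distribution tools such as `rpm -Va --root=/mnt/suspect` perform this same comparison against the rpm database and carry the same caveat. Second, the output only tells you which files changed; as the answer says, once you know the system was rooted, reinstalling from trusted media is usually cheaper than repairing it file by file.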