I have been searching the internet for a while looking for the right security tools to locate and diagnose malware on Linux servers: tools capable of doing system scans on Linux, with capabilities and characteristics similar to Chkrootkit and Rkhunter.
I know that there are many tools to find malware, like ClamAV, Linux Malware Detect (maldet), Sophos and Lynis. But most of these tools are intended for system hardening, file servers, email servers or shared hosting environments…
The only tools capable of, or proper for, doing system scans on Linux systems that I have found so far are Chkrootkit and Rkhunter, as can be seen in a successful detection made by Chkrootkit in this thread: https://unix.stackexchange.com/a/567413/61742 .
That is, the other tools are not able to deal with risks to the Linux system itself, such as detecting whether the system is infected. In general they are only able to scan specific folders and tell you whether a file is dangerous or not, and remove it.
Contrary to what many people think, Linux is vulnerable to malware. Tools like Chkrootkit and Rkhunter play a very important role!
Based on the good experiences I have had with the servers in my infrastructure, the best way to find malware on Linux is to use several tools together, as is done in this tool that I have made available to the community, https://github.com/eduardolucioac/private_tux (BSD-3-Clause license), and which I use on my infrastructure daily.
Finally, I think this question is very relevant to the community; it needs to be asked, and it was asked in the right place!
NOTE: I am the author of Private_Tux and it has no commercial purpose (BSD-3-Clause license).
What other tools are capable of, and proper for, diagnosing risks and/or infections (malware) on a Linux system?
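To make the distinction in the question concrete (a "system scan" that asks whether the host itself is compromised, as opposed to a scanner that classifies files in a folder), here is an added example, not code from the question, from Private_Tux, or from chkrootkit or rkhunter, of three host-level indicators of the kind those two tools check: processes that exist but are missing from `ps` output, processes whose executable has been unlinked, and entries in `/etc/ld.so.preload`. The live collection assumes a Linux host with `ps` available; the comparison functions take snapshots so they can be exercised on constructed input. The probing loop deliberately uses `kill(pid, 0)` rather than listing `/proc`, because a userland LD_PRELOAD rootkit commonly hooks `readdir()` and would hide its entries from a directory listing as easily as from `ps`:

```python
#!/usr/bin/env python3
"""
Three host-level compromise indicators, in the spirit of chkrootkit/rkhunter.
Added example for illustration; it is not the code of any of the tools named
in the question. Pure comparison logic is separated from live collection.
"""
import os
import subprocess


def parse_ps_pids(ps_output):
    """Turn the output of `ps -e -o pid=` (one PID per line) into a set of ints."""
    return {int(tok) for tok in ps_output.split() if tok.isdigit()}


def hidden_pids(probed_pids, ps_pids):
    """PIDs that answer to a signal probe but are absent from ps output.

    A process hidden by a trojaned ps, or by an LD_PRELOAD library that
    filters readdir() results for /proc, is still reachable by PID.
    """
    return sorted(set(probed_pids) - set(ps_pids))


def deleted_exe_pids(exe_links):
    """Given {pid: readlink('/proc/<pid>/exe')}, return PIDs whose binary has
    been unlinked (kernel appends ' (deleted)'). Drop-run-delete is a common
    Linux malware pattern; a package upgrade is the usual benign cause."""
    return sorted(pid for pid, target in exe_links.items()
                  if target.endswith(" (deleted)"))


def preload_entries(ld_so_preload_text):
    """Non-empty, non-comment lines of /etc/ld.so.preload. On most servers the
    file does not exist at all, so any entry deserves a manual look."""
    entries = []
    for line in ld_so_preload_text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            entries.append(line)
    return entries


def probe_pids(max_pid):
    """Find live PIDs without readdir(): kill(pid, 0) delivers no signal but
    reports ESRCH (no such process) or EPERM (exists, not ours)."""
    alive = set()
    for pid in range(1, max_pid + 1):
        try:
            os.kill(pid, 0)
        except ProcessLookupError:
            continue
        except PermissionError:
            pass
        alive.add(pid)
    return alive


def scan_live():
    """Collect the three indicators from the running system (Linux only)."""
    with open("/proc/sys/kernel/pid_max") as fh:
        max_pid = int(fh.read().strip())
    probed = probe_pids(max_pid)
    ps_out = subprocess.run(["ps", "-e", "-o", "pid="],
                            capture_output=True, text=True, check=True).stdout
    # Processes that exit between the probe and the ps call would look hidden;
    # keep only candidates that still answer a second probe.
    hidden = []
    for pid in hidden_pids(probed, parse_ps_pids(ps_out)):
        try:
            os.kill(pid, 0)
        except ProcessLookupError:
            continue
        except PermissionError:
            pass
        hidden.append(pid)

    exe_links = {}
    for pid in probed:
        try:
            exe_links[pid] = os.readlink(f"/proc/{pid}/exe")
        except OSError:
            continue  # kernel threads have no exe; other users' need root

    try:
        with open("/etc/ld.so.preload") as fh:
            preload = preload_entries(fh.read())
    except FileNotFoundError:
        preload = []

    return {"hidden_pids": hidden,
            "deleted_exe_pids": deleted_exe_pids(exe_links),
            "ld_so_preload": preload}


if __name__ == "__main__":
    for key, value in scan_live().items():
        print(f"{key}: {value}")
```

Run it as root so that `/proc/<pid>/exe` is readable for every process; unprivileged it still reports hidden PIDs and preload entries. Every hit is a lead, not a verdict: a short-lived process, a daemon left running across a package upgrade, or a preload library an administrator installed on purpose can all appear, which is exactly why tools like chkrootkit and rkhunter pair such checks with file-hash and signature comparisons, and why running several of them together, as the question suggests, gives more confidence than any one indicator.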