[SOLVED] Can anyone recommend a Spyware scanner for ubuntu 17.10

Stev8 · 01-05-2018, 10:28 AM

Hello,

I am running ubuntu 17.10 64 bit with the latest updates.
I was looking into ubuntu maintenance this morning.

I installed the uCare as a cleanup tool.

I know chances of getting spyware on ubuntu in slim to none, but can anyone recommend a malware scanner for ubuntu??

Any input would be greatly appreciated

TenTenths · 01-05-2018, 11:14 AM

Take a look at rkhunter

Stev8 · 01-05-2018, 02:41 PM

Hello,

I have installed rkhunter
by running
sudo apt-get install rkhunter

I run
rkhunter -C to check my configuration file and it states
steve@steve-desktop:~$ sudo rkhunter -C
[sudo] password for steve:
Invalid WEB_CMD configuration option: Relative pathname: "/bin/false"

My config file is below:

# If a configuration option is never set, then the program will assume a
# default value. The text describing the option will state the default value.
# If there is no default, then rkhunter will calculate a value or pathname
# to use. If a value is set for a configuration option, then the default
# value is ignored. If it is wished to keep the default value, as well as
# any other set value, then the default must be explicitly set.
#

#
# If this option is set to '1', it specifies that the mirrors file
# ('mirrors.dat'), which is used when the '--update' and '--versioncheck'
# options are used, is to be rotated. Rotating the entries in the file allows
# a basic form of load-balancing between the mirror sites whenever the above
# options are used.
#
# If the option is set to '0', then the mirrors will be treated as if in a
# priority list. That is, the first mirror listed will always be used first.
# The second mirror will only be used if the first mirror fails, the third
# mirror will only be used if the second mirror fails, and so on.
#
# If the mirrors file is read-only, then the '--versioncheck' command-line
# option can only be used if this option is set to '0'.
#
# The default value is '1'.
#
#ROTATE_MIRRORS=1

#
# If this option is set to '1', it specifies that when the '--update' option is
# used, then the mirrors file is to be checked for updates as well. If the
# current mirrors file contains any local mirrors, these will be prepended to
# the updated file. If this option is set to '0', the mirrors file can only be
# updated manually. This may be useful if only using local mirrors.
#
# The default value is '1'.
#
UPDATE_MIRRORS=0

#
# The MIRRORS_MODE option tells rkhunter which mirrors are to be used when
# the '--update' or '--versioncheck' command-line options are given.
# Possible values are:
# 0 - use any mirror
# 1 - only use local mirrors
# 2 - only use remote mirrors
#
# Local and remote mirrors can be defined in the mirrors file by using the
# 'local=' and 'remote=' keywords respectively.
#
# The default value is '0'.

ChuangTzu · 01-05-2018, 07:23 PM

sudo apt install rkhunter
http://manpages.ubuntu.com/manpages/...khunter.8.html

sudo apt install chkrootkit
http://manpages.ubuntu.com/manpages/...rootkit.1.html

and if you want tips on securing more:
sudo apt install lynis
http://manpages.ubuntu.com/manpages/...8/lynis.8.html

sudo apt install tiger
http://manpages.ubuntu.com/manpages/...8/tiger.8.html

also read:
https://wiki.ubuntu.com/BasicSecurity
https://ubuntuforums.org/showthread.php?t=510812

Stev8 · 01-05-2018, 08:12 PM

With rkhunter

Can someone please tell me why when I ran

I ran rkhunter -C to check my configuration file and it states
steve@steve-desktop:~$ sudo rkhunter -C
[sudo] password for steve:
Invalid WEB_CMD configuration option: Relative pathname: "/bin/false"

Also I sucessfully ran rkhunter, how do I have it fix infected directories.

Man pages are not going to tell me much as i am not that cmdline orientated

Contrary to that is there ANY program that can run and search for malware and fix it in one cmd.

JayVanDo · 05-23-2019, 07:01 PM

in the options file change the setting of WEB_CMD='/bin/false' to WEB_CMD=curl.