LinuxQuestions.org

Linux - Newbie: security (https://www.linuxquestions.org/questions/linux-newbie-8/security-4175612906/)

suvendu nayak 08-30-2017 05:54 AM

security
 
How to Check for Rootkit Infections?

jsbjsb001 08-30-2017 06:10 AM

Quote:

Originally Posted by suvendu nayak (Post 5753640)
How to Check for Rootkit Infections?

Install rkhunter.

TB0ne 08-30-2017 07:43 AM

Quote:

Originally Posted by suvendu nayak (Post 5753640)
How to Check for Rootkit Infections?

Read the "Question Guidelines" link in my posting signature. We're happy to help you with specific problems/questions, but you need to do basic research first. Putting your exact post into Google will give you many answers.

If you have trouble installing/using any of those tools, THEN it is time to post a question. But just asking us to look things up for you is fairly rude.

sundialsvcs 08-30-2017 08:49 AM

But also: there is no such thing as an "infection." A computer is not a biologic organism. You can catch a cold by walking into the wrong elevator. Malware is an act of human malice ... augmented by owner carelessness.

To manage to install a root-kit, someone previously compromised your machine completely, and this possibility is very easily avoided. For instance: don't expose ssh directly to the outside world at all! Use OpenVPN with tls-auth and one-of-a-kind digital certificates, and marauders who are searching for "open ports," or for OpenVPN instances, will find ... nothing. Your authorized users will pass easily through the tunnel – and you will know every one of them by name – while no one else can discover it. Only users who have passed through the tunnel will be able to reach ssh or anything else.

aidylewis 11-09-2017 04:48 AM

I installed rkhunter 1.4.4 which looks like it searches for specific rootkits. I then installed the Reptile rootkit which wasn't picked up.
https://github.com/f0rb1dd3n/Reptile
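A signature-free cross-view check that complements a signature scanner such as rkhunter, added here as an example; it is not code from the thread, from rkhunter or from the Reptile project. It assumes the /proc/modules and /sys/module layout of a standard Linux kernel, and the module names in the embedded sample data are constructed.

```python
"""Cross-view check for kernel modules hidden from /proc/modules.

Signature scanners such as rkhunter only know the rootkits they carry
signatures for. A signature-free complement is to compare two views the
kernel keeps of loaded modules: the module list in /proc/modules and the
per-module directories under /sys/module. Loadable modules (unlike
built-in ones) have an 'initstate' file there, so a name with 'initstate'
in sysfs but absent from /proc/modules has been unlinked from the module
list, a classic LKM-hiding trick. A rootkit that also removes its sysfs
entry will not be caught by this check.
"""
import os


def parse_proc_modules(text):
    """Module names from /proc/modules-style text (name size refcnt ...)."""
    return {line.split()[0] for line in text.splitlines() if line.split()}


def loadable_modules_in_sysfs(sys_module_dir="/sys/module"):
    """Names under sys_module_dir that carry an 'initstate' entry, i.e.
    were loaded at runtime rather than built into the kernel image."""
    try:
        entries = os.listdir(sys_module_dir)
    except OSError:
        return set()
    return {n for n in entries
            if os.path.exists(os.path.join(sys_module_dir, n, "initstate"))}


def hidden_modules(proc_names, sysfs_names):
    """Loadable modules visible in sysfs but missing from /proc/modules."""
    return sorted(sysfs_names - proc_names)


# Constructed sample views (not captured from a real host): the sysfs view
# knows one more loadable module than the module list admits.
SAMPLE_PROC_MODULES = """\
ext4 700000 1 - Live 0xffffffffc0a00000
xt_conntrack 16384 2 - Live 0xffffffffc0900000
"""
SAMPLE_SYSFS_LOADABLE = {"ext4", "xt_conntrack", "unlisted_mod"}

if __name__ == "__main__":
    with open("/proc/modules") as fh:
        proc_names = parse_proc_modules(fh.read())
    for name in hidden_modules(proc_names, loadable_modules_in_sysfs()):
        print("in /sys/module but not in /proc/modules:", name)
```

On a live host the script needs only read access to /proc and /sys; an empty result means the two views agree, not that the host is clean.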

Aeterna 11-09-2017 07:51 AM

Quote:

Originally Posted by suvendu nayak (Post 5753640)
How to Check for Rootkit Infections?

A lot of tools that require a lot of reading:
AIDE, Lynis, AFICK, Samhain, Tiger, ..

Quote:

Originally Posted by sundialsvcs (Post 5753708)
But also: there is no such thing as an "infection." A computer is not a biologic organism. You can catch a cold by walking into the wrong elevator. Malware is an act of human malice ... augmented by owner carelessness.

To manage to install a root-kit, someone previously compromised your machine completely, and this possibility is very easily avoided. For instance: don't expose ssh directly to the outside world at all! Use OpenVPN with tls-auth and one-of-a-kind digital certificates, and marauders who are searching for "open ports," or for OpenVPN instances, will find ... nothing. Your authorized users will pass easily through the tunnel – and you will know every one of them by name – while no one else can discover it. Only users who have passed through the tunnel will be able to reach ssh or anything else.

No need to correct Merriam;
infecting, of a computer virus: to become transmitted and copied to (a device, such as a computer)
https://www.merriam-webster.com/dictionary/infecting

sundialsvcs 11-09-2017 08:26 AM

Quote:

Originally Posted by Aeterna (Post 5778677)
No need to correct Merriam;
infecting, of a computer virus: to become transmitted and copied to (a device, such as a computer)
https://www.merriam-webster.com/dictionary/infecting

Although this has become "idiomatic enough to appear in the dictionary," the term is still fundamentally incorrect when applied to computers.

If you walk into the wrong elevator, after somebody sneezed, you could "catch" a cold or the flu. The RNA sequences in a biological virus are capable of trying to, on their own, replicate themselves into your own cell's DNA in order to transform them into virus-factories that subsequently make you sick until your immune system fights them off (or, until you die).

Rogue software, on its own, is quite incapable of this: it must first be executed, and then, once executing, it must find itself capable of doing its dirty deed. Total penetration of the boot sequence, such as to install root-level malware, requires that the user in whose name the code is executing has such privileges ... and, today, that mechanisms which (for this reason among others) now limit the once-unfettered prerogatives of "root" are not in place.

Thus, even if software that's designed to install a root-kit is "transmitted and copied to" your computer, it will simply sit there like any other file. If it is executed, and if you are at all paying attention, its attempted system-calls, without which it can do nothing, will simply fail with -EINVAL.

Yes, you do need to pay close attention to security. (For instance, "run strong ad-blockers!") But you should not be lured into thinking that malicious computer software is anything more than an opportunist. It won't – it can't – automatically appear on your computer due to the digital equivalent of walking into the wrong elevator.

Aeterna 11-09-2017 12:54 PM

Quote:

Originally Posted by sundialsvcs (Post 5778688)
Although this has become "idiomatic enough to appear in the dictionary," the term is still fundamentally incorrect when applied to computers.

If you walk into the wrong elevator, after somebody sneezed, you could "catch" a cold or the flu. The RNA sequences in a biological virus are capable of trying to, on their own, replicate themselves into your own cell's DNA in order to transform them into virus-factories that subsequently make you sick until your immune system fights them off (or, until you die).

Rogue software, on its own, is quite incapable of this: it must first be executed, and then, once executing, it must find itself capable of doing its dirty deed. Total penetration of the boot sequence, such as to install root-level malware, requires that the user in whose name the code is executing has such privileges ... and, today, that mechanisms which (for this reason among others) now limit the once-unfettered prerogatives of "root" are not in place.

Thus, even if software that's designed to install a root-kit is "transmitted and copied to" your computer, it will simply sit there like any other file. If it is executed, and if you are at all paying attention, its attempted system-calls, without which it can do nothing, will simply fail with -EINVAL.

Yes, you do need to pay close attention to security. (For instance, "run strong ad-blockers!") But you should not be lured into thinking that malicious computer software is anything more than an opportunist. It won't – it can't – automatically appear on your computer due to the digital equivalent of walking into the wrong elevator.

O.k.
Let's play:

Two points:
1) word etymology
2) virus

ad 1)
The weakness of your fundamental argument lies in the fact that you just arbitrarily assume a specific meaning of the word (here: infection), not to mention that words tend to evolve to the point that they may acquire the opposite meaning to the original one or encompass a wider area of meaning. Plenty of examples.
So to make it short: unless you find a good reference that rejects computer infection and limits infection to living organisms only, Merriam-Webster is the better reference.

ad 2)
I am not sure where viruses came from, but this is a funny example: viruses are not recognized as living organisms. In fact one can regard a virus molecule as a set of programs that require host machinery to propagate, in a similar way to computer viruses.

I am generating viruses to re-program cells routinely. Just put together a few pieces of DNA, transfect cells and induce virus formation. Pretty simple.

So a virus is biological "rogue software" that can hijack host machinery and re-program it to produce new virions and send a message to the next cell/host. A virus must be "executed" to spread and do harm, otherwise you would have so-called carriers - plenty of examples - where the virus can do nothing and will not propagate.

To summarize: computer infection is a correct statement and there are references for this (not an arbitrary statement).
Your virus example is in fact the opposite argument to the one you wish to make.

sundialsvcs 11-09-2017 01:18 PM

... very interesting ... but entirely (first ...) "etymological," (then ...) "biological."

Absolutely none of which has the slightest relevance to digital hardware and software.

If my biological body inhales a biological virus, and does not fight it off, then I'm in trouble.

If my digital computer is exposed to a digital program, that digital program will ... if it manages to be executed at all ... do nothing more than attempt to do its dirty-work under whatever software privilege-levels it can manage to obtain.

However, here is the key difference:
  • A biological entity can initiate the nefarious process itself, thereby assuring its success unless(!) the immune-system actively neutralizes it.
  • A digital entity, "nefarious" or not, must somehow be acted upon executed, and then, once it finds itself running as a process upon the target computer, must somehow be privileged(!) to do its dirty work.

Any digital file which "somehow happens to wander its way onto your computer" is in fact a very long way from actually doing damage ... unless it has exploited a back-door in some third-party piece of software that you adopted for your convenience.

For instance, I once had a server become "quite-thoroughly compromised" only because I was lazy: the server came "by easy default" in a configuration that was managed by Plesk, and, (fool that I was at the time ...) I felt time-pressured to neglect to use my good judgment. I wasn't paying attention. The attackers obviously did their dirty work by exploiting a hole in the Plesk configuration, about which of course I had no control. Their attack was obviously automated since it occurred within 48 hours of the server's deployment. "I never made that mistake again," and thereafter the "completely wiped-clean and Plesk-free" machine never presented any further problems.

Aeterna 11-09-2017 03:32 PM

Quote:

Originally Posted by sundialsvcs (Post 5778800)
... very interesting ... but entirely (first ...) "etymological," (then ...) "biological."

Absolutely none of which has the slightest relevance to digital hardware and software.

If my biological body inhales a biological virus, and does not fight it off, then I'm in trouble.

If my digital computer is exposed to a digital program, that digital program will ... if it manages to be executed at all ... do nothing more than attempt to do its dirty-work under whatever software privilege-levels it can manage to obtain.

However, here is the key difference:
  • A biological entity can initiate the nefarious process itself, thereby assuring its success unless(!) the immune-system actively neutralizes it.
  • A digital entity, "nefarious" or not, must somehow be acted upon executed, and then, once it finds itself running as a process upon the target computer, must somehow be privileged(!) to do its dirty work.

Any digital file which "somehow happens to wander its way onto your computer" is in fact a very long way from actually doing damage ... unless it has exploited a back-door in some third-party piece of software that you adopted for your convenience.

For instance, I once had a server become "quite-thoroughly compromised" only because I was lazy: the server came "by easy default" in a configuration that was managed by Plesk, and, (fool that I was at the time ...) I felt time-pressured to neglect to use my good judgment. I wasn't paying attention. The attackers obviously did their dirty work by exploiting a hole in the Plesk configuration, about which of course I had no control. Their attack was obviously automated since it occurred within 48 hours of the server's deployment. "I never made that mistake again," and thereafter the "completely wiped-clean and Plesk-free" machine never presented any further problems.

It has nothing to do with computer infection - whether you like it or not, this is the official definition, that is, Merriam-Webster.

Digital information can be incorporated in DNA. Then you have another problem: not being able to see the difference between the information medium and the information.
You can write as many sentences as you like; as long as you do not provide a specific reference this is going nowhere and your point of view is just that.
I would suggest forgetting about viruses. This is just not the example. This is not the place for lectures about viral mechanisms.
One more example - people are not dying because HIV kills; people are dying because they are compromised, and other pathogens (quite often not dangerous in non-compromised organisms) spread.

Quote:

If my digital computer is exposed to a digital program, that digital program will ... if it manages to be executed at all ... do nothing more than attempt to do its dirty-work under whatever software privilege-levels it can manage to obtain.
Information is information, nothing else. You are mixing up information, information source and information medium.

Just forget about viruses and infection. Both your definitions are wrong and the OP was correct in using the word infection as in the first post (plenty of similar uses on this forum).
