Trojan Scan
by
Platforms: FreeBSD, Linux, OpenBSD, POSIX, UNIX
Categories: Host, Intrusion Detection, Monitoring, Network Monitoring, Network Utilities, System Security Management, Usage Monitoring, Utilities
Version: 1.4rc2
URL: http://www.derks.it/tools.html
Trojan Scan is a shell script that provides simple but relatively effective checking for trojans, rootkits and other malware that may be using your server and network for unwanted (and possibly illegal) purposes. It works by listing all processes that use the Internet with the lsof command (using the -Pni flags). This list is then transformed into signatures, which are matched against the allowed processes defined in the configuration. If any running process has a signature that does not match an allowed signature, an email report is sent that includes ps, ls, and optional lsof output.

Copyright 2006, SecurityFocus