Linux Rootkit Detector Reports a Failure
If a rootkit detector on your Linux system reports a failure, investigate before you act on it. The message can mean the tool found something consistent with a rootkit, but it can equally be a false positive caused by a bug in the detector or by a legitimate change on the system that happens to match one of its checks.
A rootkit is malicious software installed on an already compromised Linux system to conceal the attacker's presence and preserve root-level access. Installing one requires root in the first place: the attacker either logs in with a previously obtained password or exploits a vulnerability to escalate privileges, then plants the rootkit so that access survives reboots and password changes.
Because root can modify anything on the system, including the kernel, the logs and the very tools used to inspect it, a rootkit is among the most serious compromises a Linux system can suffer: once one is present, nothing the running system reports about itself can be trusted.
Many rootkits are designed to subvert the tools used to detect them, either by hiding their files, processes and network connections from those tools (kernel-level rootkits do this by hooking the system calls the tools rely on) or by making the tools fail outright. This is what makes detection hard, and why a result obtained on a possibly compromised host is only indicative.
Rootkit Hunter (rkhunter) and chkrootkit are detection tools that are updated as new rootkits appear. They do not remove anything: they compare system binaries, kernel modules, network ports and login records against known rootkit signatures and expected values, and report what looks wrong.
A failure or warning from either tool therefore means one of three things: a check found something consistent with a rootkit, a check could not be completed, or the tool is simply wrong because a bug or a legitimate system change tripped one of its signatures.
The only reliable way to remove a rootkit is to wipe the disk, reinstall the operating system from trusted media and restore data from a backup taken before the compromise. That is not always an immediate option, especially on a production machine, so if one detector flags something, confirm it with a different detector and with an independent integrity check before acting; neither rkhunter nor chkrootkit will remove the rootkit for you.
If you know which rootkit family was detected, search for removal instructions specific to it. The steps vary greatly depending on how the system was compromised and where the rootkit lives, whether in replaced user-space binaries or inside the kernel.
Before treating a detection as real, check whether the tool has a known bug for that particular check. chkrootkit, for example, has had a long-standing false positive in its sucKit check: on some distributions it reports the rootkit as present when it is not, and users see a "failed" result for that test. Known bugs in the Ubuntu packages are tracked on Launchpad; the tools' own changelogs cover other distributions. The way to settle a doubtful result is to verify the flagged file against the package manager's own record of it (dpkg -V or debsums on Debian-based systems, rpm -V on RPM-based ones), ideally from rescue media so that a live rootkit cannot interfere with the check.
To reduce the risk of a rootkit in the first place, never give anyone else your root password, and install security updates as soon as they become available.
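The triage described above, as an added example that is not code from chkrootkit, rkhunter or any other project: it pulls the paths a detector marked INFECTED out of a report, then compares each file's hash against an independent manifest, the kind of data `dpkg -V` or `rpm -V` would provide. The report text, the file contents and the manifest are all constructed here so the script runs offline; `SAMPLE_REPORT`, `triage()` and `demo()` are names chosen for this example, and the manifest is a hypothetical stand-in for the package manager's records.

```python
"""Triage a rootkit-detector report against an independent hash manifest.

Added example; not part of chkrootkit or rkhunter. A detector verdict is
only a hint, so every flagged file is re-hashed here and compared with
what the package manager recorded at install time.
"""
from __future__ import annotations

import hashlib
import re
import tempfile
from pathlib import Path

# Constructed sample written in chkrootkit's output style; it was not
# captured from a real system.
SAMPLE_REPORT = """\
Checking `ls'... not infected
Checking `ps'... not infected
Searching for Suckit rootkit... Warning: /sbin/init INFECTED
Checking `sniffer'... eth0: PF_PACKET(/usr/sbin/dhclient)
Checking `lkm'... chkproc: nothing detected
"""

# A line that names an absolute path followed by the INFECTED verdict.
FLAG_RE = re.compile(r"(?P<path>/\S+)\s+INFECTED\b")


def flagged_paths(report: str) -> list[str]:
    """Return the file paths the report marks INFECTED, in report order."""
    found = []
    for line in report.splitlines():
        m = FLAG_RE.search(line)
        if m:
            found.append(m.group("path"))
    return found


def sha256_of(path: Path) -> str:
    """Hash the file ourselves rather than trusting the detector's verdict."""
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def triage(flagged: list[str], manifest: dict[str, str], root: Path) -> dict[str, str]:
    """Classify each flagged path against an independent hash manifest.

    `manifest` maps an absolute path to the sha256 recorded for it at
    install time (hypothetical stand-in for dpkg -V / rpm -V data).
    `root` is the filesystem to inspect; pointing it at an image mounted
    from rescue media keeps a live rootkit out of the loop.
    """
    verdicts = {}
    for p in flagged:
        on_disk = root / p.lstrip("/")
        if p not in manifest:
            verdicts[p] = "not in manifest: investigate"
        elif not on_disk.exists():
            verdicts[p] = "missing on disk: investigate"
        elif sha256_of(on_disk) == manifest[p]:
            verdicts[p] = "matches manifest: likely detector false positive"
        else:
            verdicts[p] = "hash mismatch: treat as compromised"
    return verdicts


def demo() -> dict[str, str]:
    """Run the triage twice on a constructed /sbin/init: untouched, then altered."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        init = root / "sbin" / "init"
        init.parent.mkdir(parents=True)
        init.write_bytes(b"#!/bin/sh\nexec /lib/systemd/systemd\n")  # constructed content
        manifest = {"/sbin/init": sha256_of(init)}  # what the package manager "recorded"
        clean = triage(flagged_paths(SAMPLE_REPORT), manifest, root)
        init.write_bytes(b"#!/bin/sh\n# trojaned\nexec /lib/systemd/systemd\n")
        tampered = triage(flagged_paths(SAMPLE_REPORT), manifest, root)
    return {"clean": clean["/sbin/init"], "tampered": tampered["/sbin/init"]}


if __name__ == "__main__":
    for label, verdict in demo().items():
        print(f"{label}: {verdict}")
```

The first run reproduces the sucKit situation from the text: the detector says INFECTED, but the file matches what the package manager recorded, so the detector is the more likely culprit. The second run shows the opposite outcome after the file is changed. The caveat from the body applies in full: a kernel rootkit can feed this script forged file contents just as it can feed chkrootkit forged ones, so a mismatch found from rescue media is strong evidence while a match found on the live host is only reassurance.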