Trojan scan is a simple shell script that provides basic but relatively effective checking for trojans, rootkits, and other malware that may be using your server and network for unwanted (and possibly illegal) purposes. It works by listing all processes that use the Internet with the lsof command (using the -Pni flags). This list is then transformed into signatures of the form process_name:port_number:user. These signatures are then matched against the allowed processes defined in the configuration. If any running process has a signature that does not match an allowed signature, an email report is sent, including ps, ls, and optional lsof output.
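
The signature-and-allow-list check described above, as an added sketch that is not Trojan scan's own code. It assumes the signature uses the local port and that the allow-list holds one exact signature per line; the function names and the sample lsof output are constructed for illustration.

```shell
#!/bin/sh
# Added example, not Trojan scan's code. All sample data below is constructed.

# Turn `lsof -Pni` output (stdin) into process_name:port_number:user lines.
# Assumption: the port in the signature is the local port of the socket.
signatures() {
    awk 'NR > 1 {                      # skip the lsof header row
        name = $9                      # NAME column: *:22 or local->remote
        sub(/->.*/, "", name)          # keep the local endpoint only
        n = split(name, part, ":")     # port follows the last colon (IPv6-safe)
        if (n < 2 || part[n] !~ /^[0-9]+$/) next   # no numeric port, e.g. ICMP
        print $1 ":" part[n] ":" $3    # COMMAND:port:USER
    }' | sort -u
}

# Print every signature derived from stdin that is absent from the allow-list
# passed as $1 (newline-separated, exact whole-line matches only).
unexpected() {
    signatures | grep -vxF -- "$1" || true   # grep exits 1 when nothing is left
}

# Constructed sample of `lsof -Pni` output.
SAMPLE_LSOF='COMMAND   PID USER     FD  TYPE DEVICE SIZE/OFF NODE NAME
sshd      812 root     3u  IPv4  18234      0t0  TCP *:22 (LISTEN)
sshd     1432 root     4u  IPv4  20111      0t0  TCP 192.0.2.10:22->198.51.100.7:51514 (ESTABLISHED)
master    600 root     13u IPv6  14000      0t0  TCP [::1]:25 (LISTEN)
nginx     950 www-data 6u  IPv4  19000      0t0  TCP *:80 (LISTEN)
ntpd      700 ntp      16u IPv4  15000      0t0  UDP *:123
perl     2201 nobody   3u  IPv4  30111      0t0  TCP *:6667 (LISTEN)'

# Constructed allow-list in process_name:port_number:user form.
ALLOWED='sshd:22:root
master:25:root
nginx:80:www-data
ntpd:123:ntp'

# Only the listener that nobody approved is reported.
printf '%s\n' "$SAMPLE_LSOF" | unexpected "$ALLOWED"
```

A signature of this kind only identifies the process name, port and user, so a hostile process that reuses an allowed name, port and account will pass; lsof also truncates the COMMAND column by default, which the allow-list entries must account for.
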

| Tags | Monitoring, Networking, Systems Administration, Utilities |
|---|---|
| Licenses | Apache 2.0 |
| Operating Systems | POSIX, GNU/Hurd, Linux, Mac OS X, BSD |
| Implementation | Unix Shell, bash |

Recent releases


Changes: Support for Darwin was added. Support for the ICMPv6 protocol was added.


Changes: This version was fixed to remove all temporary files, updated to allow wildcards to be used for programs and protocols, and updated to support specific inbound and/or outbound ports. The generate_defaults() function was renamed to generate_config(). OS support for OpenBSD/FreeBSD was improved. Full ps and lsof output was added.


Changes: This release uses hardcoded program paths, generates a default configuration file, fixes the ls and ps commands in reports, updates the variable RECIPIENTS comment, and adds a TODO file.


Changes: This release sets the umask to 022, fixes minutes in the email subject, and adds the version to the email signature.


Changes: A typo that caused a temporary file to not be removed has been fixed.