Trojan scan is a simple shell script that allows for simple but relatively effective checking for trojans, rootkits and other malware that may be using your server and network for unwanted (and possibly illegal) purposes. It works by listing all processes that use the Internet with the lsof command (using -Pni flags). This list is then transformed into signatures in the form of process_name:port_number:user. These signatures then are matched against the allowed process defined in the configuration. If any signatures of running processes are found that do not match the allowed signatures, an email report is sent including ps, ls, and optional lsof output.
|Tags||Monitoring Networking Systems Administration Utilities|
|Operating Systems||POSIX GNU/Hurd Linux Mac OS X BSD|
|Implementation||Unix Shell bash|
Release Notes: This release adds IPv6 support.
Release Notes: This release renames all references as Trojan Scan. It adds a check for lsof output format on config generation. It improves generation of configuration by using detected program paths. It adds a warning message on failure to find the required command.
Release Notes: Support was added for tail -n. Verbose mode was fixed. lsof output was added for unknown processes only.
Release Notes: Support for Darwin was added. Support for the ICMPv6 protocol was added.
Release Notes: This version was fixed to remove all temporary files, updated to allow wildcards to be used for programs and protocols, and updated to support specific inbound and/or outbound ports. The generate_defaults() function was renamed to generate_config(). OS support for OpenBSD/FreeBSD was improved. Full ps and lsof output was added.