Trojan Scan is a simple shell script that provides basic but relatively effective checking for trojans, rootkits and other malware that may be using your server and network for unwanted (and possibly illegal) purposes. It works by listing all processes that use the Internet with the lsof command (using the -Pni flags). This list is then transformed into signatures of the form process_name:port_number:user. These signatures are then matched against the allowed processes defined in the configuration. If any running process has a signature that does not match an allowed signature, an email report is sent that includes ps, ls, and optional lsof output.
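The signature matching described above, sketched as an added example; this is not Trojan Scan's own code. The function names, the allowlist file format (one signature per line, shell wildcards, `#` comments) and the choice of the local port for the signature are assumptions, and the lsof lines are constructed sample data.

```shell
#!/bin/sh
# Constructed sample of `lsof -Pni` output (documentation address ranges).
sample_lsof() {
cat <<'EOF'
COMMAND   PID     USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
sshd      812     root    3u  IPv4  17324      0t0  TCP *:22 (LISTEN)
sshd     1422     root    4u  IPv4  20111      0t0  TCP 192.0.2.10:22->198.51.100.7:51234 (ESTABLISHED)
nginx     990 www-data    6u  IPv6  18002      0t0  TCP [::1]:80 (LISTEN)
ntpd      701      ntp   16u  IPv4  15001      0t0  UDP *:123
kworkerd 2301   nobody    3u  IPv4  29001      0t0  TCP 192.0.2.10:44718->203.0.113.5:6667 (ESTABLISHED)
EOF
}
# Reduce lsof lines to unique process_name:port_number:user signatures.
# Assumption: the local port (left of "->") is the one recorded.
signatures() {
    awk 'NR > 1 && NF >= 9 {
        ep = $9
        sub(/->.*/, "", ep)   # drop the remote endpoint
        sub(/.*:/, "", ep)    # keep the text after the last colon
        print $1 ":" ep ":" $3
    }' | sort -u
}
# Print stdin signatures that match no pattern in allowlist file $1
# (hypothetical format: one signature per line, shell wildcards, # comments).
unknown_signatures() {
    while IFS= read -r sig; do
        ok=0
        while IFS= read -r pat; do
            case $pat in ''|'#'*) continue ;; esac
            case $sig in $pat) ok=1; break ;; esac
        done < "$1"
        [ "$ok" -eq 1 ] || printf '%s\n' "$sig"
    done
}
demo() {
    allow=$(mktemp) || return 1
    cat > "$allow" <<'EOF'
# constructed allowlist
sshd:22:root
nginx:80:www-data
ntp*:123:ntp
EOF
    sample_lsof | signatures | unknown_signatures "$allow"
    rm -f "$allow"
}
demo   # prints: kworkerd:44718:nobody
```

On a live host, replace `sample_lsof` with `lsof -Pni` and review every signature the last stage prints before adding it to the allowlist.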
| Tags | Monitoring Networking Systems Administration Utilities |
|---|---|
| Licenses | Apache 2.0 |
| Operating Systems | POSIX GNU/Hurd Linux Mac OS X BSD |
| Implementation | Unix Shell bash |

Recent releases


Release Notes: This release renames all references as Trojan Scan. It adds a check for lsof output format on config generation. It improves generation of configuration by using detected program paths. It adds a warning message on failure to find the required command.


Release Notes: Support was added for tail -n. Verbose mode was fixed. lsof output was added for unknown processes only.


Release Notes: Support for Darwin was added. Support for the ICMPv6 protocol was added.


Release Notes: This version was fixed to remove all temporary files, updated to allow wildcards to be used for programs and protocols, and updated to support specific inbound and/or outbound ports. The generate_defaults() function was renamed to generate_config(). OS support for OpenBSD/FreeBSD was improved. Full ps and lsof output was added.


Release Notes: This release uses hardcoded program paths, generates a default configuration file, fixes the ls and ps commands in reports, updates the variable RECIPIENTS comment, and adds a TODO file.