Projects / Trojan Scan

Trojan Scan

Trojan Scan is a simple shell script that allows for simple but relatively effective checking for trojans, rootkits and other malware that may be using your server and network for unwanted (and possibly illegal) purposes. It is relatively simple and won't catch them all, but can help to find these programs on shared servers with many users. It works by listing all process that use the Internet with the lsof command (using -Pni flags). This list is then transformed into signatures, which are then are matched against the allowed process defined in the configuration. If any signatures of running processes are found that do not match the allowed signatures, an email report is sent including ps, ls, and optional lsof output for the unknown processes.

Tags
Licenses
Operating Systems
Implementation

Recent releases

  •  05 Jun 2014 23:17

    Release Notes: This release added a workaround for changed command output from 'lsof', improved the README slightly, added 'who' output to the report, improved determining of MD5 for 'lsof', fixed an issue with generated configuration having ':X:', added a -f parameter for supplying the configuration file, and included some minor changes to make the script more robust. It has been fixed and tested on Mac OS X 10.8. All debug output is now directed to stderr.

    •  19 Apr 2013 21:39

      Release Notes: This release adds IPv6 support.

      •  31 Mar 2011 19:28

        Release Notes: This release renames all references as Trojan Scan. It adds a check for lsof output format on config generation. It improves generation of configuration by using detected program paths. It adds a warning message on failure to find the required command.

        •  21 Mar 2011 15:08

          Release Notes: Support was added for tail -n. Verbose mode was fixed. lsof output was added for unknown processes only.

          •  23 Aug 2007 14:46

            Release Notes: Support for Darwin was added. Support for the ICMPv6 protocol was added.

            Screenshot

            Project Spotlight

            OpenStack4j

            A Fluent OpenStack client API for Java.

            Screenshot

            Project Spotlight

            TurnKey TWiki Appliance

            A TWiki appliance that is easy to use and lightweight.