The Linux Rain Linux General/Gaming News, Reviews and Tutorials

Security Auditing Tools For Ubuntu

By Kalyani Rajalingham, published 18/01/2021 in Tutorials


Malware, where art thou not found? Well, even our wonderful Ubuntu can be infected. So what can we do about it? Hope and pray that our system stays safe and, better yet, audit our systems regularly for malware and rootkits. We will review 4 system auditors for Ubuntu: Lynis, rkhunter, chkrootkit, and ClamAV.

Tool #1: Lynis

Lynis is a free open-source tool for Linux, macOS, and UNIX-based systems. Lynis is used for security auditing, compliance testing, penetration testing, vulnerability detection and system hardening.

Installing Lynis

Lynis can be downloaded from https://github.com/CISOfy/lynis.

git clone https://github.com/CISOfy/lynis.git 
cd lynis

Usage

./lynis audit system

This command will scan your system and give you a report. Remember that there can always be false positives, and those you have to check manually.
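
To make that manual review easier, the findings can be pulled out of the report file that Lynis writes. The script below is an added example, not part of the original article or of Lynis itself. It assumes finding lines of the form warning[]=TEST-ID|message|details|solution| and a report at /var/log/lynis-report.dat (the default when Lynis runs as root); the sample report in it is constructed.

```shell
#!/bin/sh
# Added example: pull warnings/suggestions out of a Lynis report for manual review.
# Assumed line format: warning[]=TEST-ID|message|details|solution|

# lynis_findings KIND REPORT
# KIND is "warning" or "suggestion". Prints one finding per line as
# TEST-ID <TAB> message <TAB> details, sorted and de-duplicated.
lynis_findings() {
    kind=$1
    report=$2
    [ -r "$report" ] || { echo "cannot read $report" >&2; return 2; }
    awk -v key="${kind}[]=" '
        index($0, key) == 1 {                    # literal prefix match, no regex
            n = split(substr($0, length(key) + 1), f, "|")
            details = (n >= 3 && f[3] != "-") ? f[3] : ""   # "-" marks an empty field
            printf "%s\t%s\t%s\n", f[1], f[2], details
        }' "$report" | sort -u
}

# lynis_count KIND REPORT -> number of distinct findings of that kind
lynis_count() {
    lynis_findings "$1" "$2" | wc -l | tr -d ' '
}

# Constructed sample report (not real scan output), useful for a dry run.
write_sample_report() {
    cat > "$1" <<'EOF'
hostname=demo-host
warning[]=AUTH-9308|No password set for single mode|-|-|
suggestion[]=SSH-7408|Consider hardening SSH configuration|AllowTcpForwarding (set YES to NO)|-|
suggestion[]=SSH-7408|Consider hardening SSH configuration|X11Forwarding (set YES to NO)|-|
suggestion[]=BOOT-5122|Set a password on GRUB boot loader|-|-|
EOF
}

# Usage: sh lynis-findings.sh /var/log/lynis-report.dat
if [ $# -gt 0 ]; then
    target=$1
    echo "== Warnings: $(lynis_count warning "$target") =="
    lynis_findings warning "$target"
    echo "== Suggestions: $(lynis_count suggestion "$target") =="
    lynis_findings suggestion "$target"
fi
```

Each test ID in the output can then be looked up with ./lynis show details TEST-ID before deciding whether the finding is a false positive.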

Tool #2: Rkhunter

Rkhunter scans your system for rootkits, backdoors, sniffers and exploits. It also checks that no changes have been made to your commands, system startup files, and network interfaces. In fact, it will scan your system for at least 292 rootkits.

Installing rkhunter

Rkhunter can be directly installed using the following command:

sudo apt-get install rkhunter -y

Usage

Rkhunter will not fix a problem, but rather simply detect the problem for you.

rkhunter {--check | --unlock | --update | --versioncheck | --propupd [{filename | directory | package name},...] | --list [tests | {lang | languages} | rootkits | perl | propfiles] | --config-check | --version | --help} [options]

First, let’s update it:

sudo rkhunter --update

Next, let’s scan for any potential threats:

sudo rkhunter --check

Tool #3: Chkrootkit

Chkrootkit is a free open-source tool that can detect up to 69 different rootkits, worms and LKMs.

Installing chkrootkit

Chkrootkit can be installed by typing:

sudo apt-get install chkrootkit -y 

Alternatively, you can manually install it as well:

Chkrootkit is located at https://github.com/Magentron/chkrootkit.

unzip chkrootkit-master
cd chkrootkit-master
make sense

Usage

In order to perform a system check, type:

sudo chkrootkit 

If it was manually installed, then type:

./chkrootkit

Tool #4: ClamAV

ClamAV, on the other hand, is a free open-source antivirus. It is apt at detecting trojans, viruses, and malware, amongst others.

Installing ClamAV

ClamAV can be installed by typing:

sudo apt-get install clamav

Usage

First update it, then run it using:

sudo freshclam
clamscan -r -i <directory>

The -r option scans directories recursively, and the -i option shows only infected files.

Oddly enough, there aren’t many tools to scan for malware out there for Linux. Why? I’m not sure. However, these 4 tools are more than enough to detect malware, rootkits, and viruses.



About the author

Kalyani Rajalingham is from Sri Lanka, lives in Canada, and is a Linux and code lover.
