Following the announcement of the beta of the Red Hat Insights malware detection service in August, we are pleased to announce that this service is now generally available. The malware detection service is a monitoring and assessment tool that scans Red Hat Enterprise Linux (RHEL) systems for the presence of malware, utilizing over 180 signatures of known Linux malware provided in partnership with the IBM X-Force Threat Intelligence team. The Insights analysis provides:
- The list of signatures scanned against your RHEL systems, with links to reference information and analysis reports
- Results for individual system scans and aggregated results for all of your RHEL systems
As part of Insights, malware detection is included in your RHEL subscription. Malware detection supports RHEL 8 and 9 hosts.
Getting started
To scan your RHEL systems for potential malware, please follow our getting started guide. For RHEL 8 and 9 hosts that are already registered to Insights, you will need to install the YARA scanning tool, provided in RHEL 8 and 9 appstream repositories, and run your first scan:
$ sudo dnf install yara $ sudo insights-client --collector malware-detection
When the initial test scan completes successfully, you will be prompted to configure your system for a full scan and set options that control the parameters of that scan, such as which file directories are included or excluded. After your first full scan, you can view the results in Insights malware detection. Subsequent scans will need to be run manually, scheduled using a tool like cron, or automated with a Red Hat Ansible Automation Platform playbook.
Please note: Due to the potentially sensitive nature of this information, only Organizational Admins have default access to the results by default. All other users must first be given access to the service, as detailed in section 2.2. of the Insights malware detection guide.
Interpreting the results
In most cases, scans for potential malware threats on your secure RHEL hosts will result in no matches. In the event that potential malware signature matches are found on your systems, you will see a screen like the one below.
Clicking on a signature name will take you to a page that shows the details about the signature, the number of systems that were matched, and details about when and where the matches were found.
What you do next will depend on the capabilities and needs of your organization. For example, you might have an existing playbook or information security team to consult. If you do not have access to those resources and are uncertain on how to proceed, there are a number of vendors who can provide these services, including the IBM X-Force Incident Response team. Please note: Red Hat does not provide threat response services or consultation.
Additional malware signature information
Each of the over 180 signatures of known Linux malware in Insights malware detection includes additional information, such as the type, category and how it is used. Many of the signatures include links to IBM X-Force analysis reports and additional background information on how the malware was initially identified.
Any feedback about the new malware detection service can be sent to us using the Feedback button inside of Insights—you can see it in the above screenshot on the lower right hand side of the page. Please give the Insights malware detection service a try soon!
About the author
Shane McDowell is a Principal Product Manager for Red Hat. He is focused on helping customers manage their infrastructure in the hybrid cloud. He brings 20+ years of experience with delivering and supporting technology solutions to users in a variety of industries, including Information Technology, Talent Acquisition and Residential Management.
Browse by channel
Automation
The latest on IT automation for tech, teams, and environments
Artificial intelligence
Updates on the platforms that free customers to run AI workloads anywhere
Open hybrid cloud
Explore how we build a more flexible future with hybrid cloud
Security
The latest on how we reduce risks across environments and technologies
Edge computing
Updates on the platforms that simplify operations at the edge
Infrastructure
The latest on the world’s leading enterprise Linux platform
Applications
Inside our solutions to the toughest application challenges
Original shows
Entertaining stories from the makers and leaders in enterprise tech
Products
- Red Hat Enterprise Linux
- Red Hat OpenShift
- Red Hat Ansible Automation Platform
- Cloud services
- See all products
Tools
- Training and certification
- My account
- Customer support
- Developer resources
- Find a partner
- Red Hat Ecosystem Catalog
- Red Hat value calculator
- Documentation
Try, buy, & sell
Communicate
About Red Hat
We’re the world’s leading provider of enterprise open source solutions—including Linux, cloud, container, and Kubernetes. We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.
Select a language
Red Hat legal and privacy links
- About Red Hat
- Jobs
- Events
- Locations
- Contact Red Hat
- Red Hat Blog
- Diversity, equity, and inclusion
- Cool Stuff Store
- Red Hat Summit