Subscribe to the feed

Following the announcement of the beta of the Red Hat Insights malware detection service in August, we are pleased to announce that this service is now generally available. The malware detection service is a monitoring and assessment tool that scans Red Hat Enterprise Linux (RHEL) systems for the presence of malware, utilizing over 180 signatures of known Linux malware provided in partnership with the IBM X-Force Threat Intelligence team. The Insights analysis provides:

  • The list of signatures scanned against your RHEL systems, with links to reference information and analysis reports
  • Results for individual system scans and aggregated results for all of your RHEL systems

As part of Insights, malware detection is included in your RHEL subscription. Malware detection supports RHEL 8 and 9 hosts.

Getting started

To scan your RHEL systems for potential malware, please follow our getting started guide. For RHEL 8 and 9 hosts that are already registered to Insights, you will need to install the YARA scanning tool, provided in RHEL 8 and 9 appstream repositories, and run your first scan:

$ sudo dnf install yara
$ sudo insights-client --collector malware-detection

When the initial test scan completes successfully, you will be prompted to configure your system for a full scan and set options that control the parameters of that scan, such as which file directories are included or excluded. After your first full scan, you can view the results in Insights malware detection. Subsequent scans will need to be run manually, scheduled using a tool like cron, or automated with a Red Hat Ansible Automation Platform playbook.

Please note: Due to the potentially sensitive nature of this information, only Organizational Admins have default access to the results by default. All other users must first be given access to the service, as detailed in section 2.2. of the Insights malware detection guide.

Interpreting the results

In most cases, scans for potential malware threats on your secure RHEL hosts will result in no matches. In the event that potential malware signature matches are found on your systems, you will see a screen like the one below.

A screenshot of the malware signatures list in Red Hat Hybrid Cloud Console

Clicking on a signature name will take you to a page that shows the details about the signature, the number of systems that were matched, and details about when and where the matches were found.

What you do next will depend on the capabilities and needs of your organization. For example, you might have an existing playbook or information security team to consult. If you do not have access to those resources and are uncertain on how to proceed, there are a number of vendors who can provide these services, including the IBM X-Force Incident Response team. Please note: Red Hat does not provide threat response services or consultation.

Additional malware signature information

Each of the over 180 signatures of known Linux malware in Insights malware detection includes additional information, such as the type, category and how it is used. Many of the signatures include links to IBM X-Force analysis reports and additional background information on how the malware was initially identified.

A screenshot of an individual malware signature's information in Red Hat Hybrid Cloud Console

Any feedback about the new malware detection service can be sent to us using the Feedback button inside of Insights—you can see it in the above screenshot on the lower right hand side of the page. Please give the Insights malware detection service a try soon!


About the author

Shane McDowell is a Principal Product Manager for Red Hat. He is focused on helping customers manage their infrastructure in the hybrid cloud. He brings 20+ years of experience with delivering and supporting technology solutions to users in a variety of industries, including Information Technology, Talent Acquisition and Residential Management.

Read full bio
UI_Icon-Red_Hat-Close-A-Black-RGB

Browse by channel

automation icon

Automation

The latest on IT automation for tech, teams, and environments

AI icon

Artificial intelligence

Updates on the platforms that free customers to run AI workloads anywhere

open hybrid cloud icon

Open hybrid cloud

Explore how we build a more flexible future with hybrid cloud

security icon

Security

The latest on how we reduce risks across environments and technologies

edge icon

Edge computing

Updates on the platforms that simplify operations at the edge

Infrastructure icon

Infrastructure

The latest on the world’s leading enterprise Linux platform

application development icon

Applications

Inside our solutions to the toughest application challenges

Original series icon

Original shows

Entertaining stories from the makers and leaders in enterprise tech