RHEL / CentOS 6.x (64-bit) Malicious Kernel Module Detection (OutlawCountry)

This script is Copyright (C) 2017 Tenable Network Security, Inc.

Synopsis :

A malicious kernel module is potentially installed on the remote Linux

Description :

According to diagnostic indicators, the remote Red Hat Enterprise
Linux or CentOS host may have a malicious kernel module known as
OutlawCountry installed. OutlawCountry creates a hidden netfilter
table that allows an authenticated attacker to covertly override
existing netfilter/iptables firewall rules.

Note that only RHEL and CentOS 6.x operating systems running kernel
version 2.6.32 (64-bit) are reportedly affected. OutlawCountry was
disclosed on 2017/06/30 by WikiLeaks as part of their ongoing
'Vault 7' series of leaks.

See also :


Solution :

Refer to the referenced Red Hat solution article.

Risk factor :

High / CVSS Base Score : 9.0

Family: Misc.

Nessus Plugin ID: 101166

Bugtraq ID:

