RHEL / CentOS 6.x (64-bit) Malicious Kernel Module Detection (OutlawCountry)
Severity: High
Nessus Plugin ID: 101166
Synopsis
A malicious kernel module is potentially installed on the remote Linux host.
Description
According to diagnostic indicators, the remote Red Hat Enterprise Linux or CentOS host may have a malicious kernel module known as OutlawCountry installed. OutlawCountry creates a hidden netfilter table that allows an authenticated attacker to covertly override existing netfilter/iptables firewall rules.
Note that only RHEL and CentOS 6.x operating systems running kernel version 2.6.32 (64-bit) are reportedly affected. OutlawCountry was disclosed on 2017/06/30 by WikiLeaks as part of their ongoing 'Vault 7' series of leaks.
Solution
Refer to the referenced Red Hat solution article.