Limon is a sandbox developed as a research project written in python, which automatically collects, analyzes, and reports on the run time indicators of Linux malware. It allows one to inspect the Linux malware before execution, during execution, and after execution (post-mortem analysis) by performing static, dynamic and memory analysis using open source tools. Limon analyzes the malware in a controlled environment, monitors its activities and its child processes to determine the nature and purpose of the malware. It determines the malware's process activity, interaction with the file system, network, it also performs memory analysis and stores the analyzed artifacts for later analysis.
Analyzing Linux Malwares Using Limon
http://malware-unplugged.blogspot.com/2015/11/limon-sandbox-for-analyzing-linux.html
Setting up and Configuring Limon
http://malware-unplugged.blogspot.com/2015/11/setting-up-limon-sandbox-for-analyzing.html
Black Hat 2015 Europe Video Recording (Automating Linux Malware Analysis Using Limon Sandbox)
Black Hat 2015 Europe presentation (Automating Linux Malware Analysis Using Limon Sandbox)
https://www.blackhat.com/eu-15/briefings.html#automating-linux-malware-analysis-using-limon-sandbox