Select Page

RKHunter – RootKit Hunter

Rootkit scanner is scanning tool to ensure you for about 99.9%* you’re clean of nasty tools. This tool scans for rootkits, backdoors and local exploits by running tests like:

  • MD5 hash compare
  • Look for default files used by rootkits
  • Wrong file permissions for binaries
  • Look for suspected strings in LKM and KLD modules
  • Look for hidden files
  • Optional scan within plaintext and binary files

Rootkit Hunter is released as GPL licensed project and free for everyone to use. # wget
# tar -xzvf rkhunter-1.1.4.tar.gz
# cd rkhunter
# ./

Receive e-mail everyday with the result Rootkit Hunter
For Root user
# crontab -e
For any user
# crontab -e -u username

and add

•0 3 * * * (./usr/local/bin/rkhunter –checkall 2>&1 | mail -s "chkrootkit output" -c [email protected],[email protected] [email protected])

* the correct path can be found with which rkhunter  
This will run Rootkit Hunter at 3:00 am every day, and e-mail the output to [email protected] and copies to [email protected] and [email protected]

If you ever get a positive alarm, you can try to remove the rootkit, but all professionals would advice you to reinstall the server from scratch, and restore a previous backup (that mean saving nothing from server as soon as the rootkit is revealed….)


About The Author

Cédric Walter

I worked with various Insurances companies across Switzerland on online applications handling billion premium volumes. I love to continuously spark my creativity in many different and challenging open-source projects fueled by my great passion for innovation and blockchain technology.In my technical role as a senior software engineer and Blockchain consultant, I help to define and implement innovative solutions in the scope of both blockchain and traditional products, solutions, and services. I can support the full spectrum of software development activities, starting from analyzing ideas and business cases and up to the production deployment of the solutions.I'm the Founder and CEO of Disruptr GmbH.