
RKHunter – RootKit Hunter

Rootkit Hunter is a scanning tool that assures you, to about 99.9%*, that you're clean of nasty tools. It scans for rootkits, backdoors and local exploits by running tests like:

  • MD5 hash compare
  • Look for default files used by rootkits
  • Wrong file permissions for binaries
  • Look for suspected strings in LKM and KLD modules
  • Look for hidden files
  • Optional scan within plaintext and binary files
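
To make the hash-compare, hidden-file and file-permission tests in the list above concrete, here is an added shell example (not rkhunter's code and not from the original article) that baselines a directory of binaries and then reports changed, new and world-writable files. It uses sha256sum in place of MD5, and the function names and sample files are constructed for the illustration.

```shell
#!/bin/sh
# Added illustration, not rkhunter's code. SHA-256 stands in for MD5;
# function names and the sample directory are constructed for this example.
export LC_ALL=C   # keep sha256sum's "FAILED" text untranslated
umask 022         # files created below are not world-writable by default

# make_baseline DIR FILE: record a hash for every regular file under DIR.
make_baseline() {
    find "$1" -type f -exec sha256sum {} + | sort -k 2 > "$2"
}

# changed_files FILE: files that were modified or removed since the baseline.
changed_files() {
    sha256sum -c "$1" 2>/dev/null | sed -n 's/: FAILED.*$//p'
}

# new_files DIR FILE: files under DIR that the baseline does not list.
# A sha256sum line is 64 hex digits plus 2 separator chars, then the path.
new_files() {
    find "$1" -type f | sort | awk -v b="$2" '
        BEGIN { while ((getline l < b) > 0) seen[substr(l, 67)] = 1 }
        !($0 in seen)'
}

# loose_perms DIR: files that any local user could overwrite.
loose_perms() {
    find "$1" -type f -perm -0002 | sort
}

# demo: build a constructed "bin" directory, alter it, run the checks.
demo() {
    d=$(mktemp -d) || return 1
    mkdir "$d/bin"
    printf 'original ls\n' > "$d/bin/ls"
    printf 'original ps\n' > "$d/bin/ps"
    chmod 755 "$d/bin/ls" "$d/bin/ps"
    make_baseline "$d/bin" "$d/baseline"       # taken while known clean
    printf 'replaced ps\n' > "$d/bin/ps"       # content changed
    printf 'dropped\n' > "$d/bin/.hidden"      # hidden file added later
    chmod 777 "$d/bin/ls"                      # permissions loosened
    echo "changed: $(changed_files "$d/baseline" | sed "s|$d/||")"
    echo "new:     $(new_files "$d/bin" "$d/baseline" | sed "s|$d/||")"
    echo "loose:   $(loose_perms "$d/bin" | sed "s|$d/||")"
    rm -rf "$d"
}
demo
```

A baseline is only meaningful if it was taken while the system was known clean and is stored where an intruder cannot rewrite it.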

Rootkit Hunter is released as a GPL-licensed project and is free for everyone to use.

# wget http://downloads.rootkit.nl/rkhunter-1.1.4.tar.gz
# tar -xzvf rkhunter-1.1.4.tar.gz
# cd rkhunter
# ./installer.sh


Receive an e-mail every day with the Rootkit Hunter results

For the root user
# crontab -e
For any other user
# crontab -e -u username

and add

0 3 * * * (/usr/local/bin/rkhunter --checkall 2>&1 | mail -s "rkhunter output" -c mailadr[email protected],[email protected] [email protected])

* The correct path can be found with: which rkhunter
This will run Rootkit Hunter at 3:00 am every day, and e-mail the output to [email protected] and copies to [email protected] and [email protected]

Note
If you ever get a positive alarm, you can try to remove the rootkit, but all professionals would advise you to reinstall the server from scratch and restore a previous backup (that means saving nothing from the server once the rootkit is revealed).

Links

http://www.rootkit.nl/projects/rootkit_hunter.html
