rkhunter Linux security checker
Rootkit scanner is a scanning tool that assures you, to about 99.9%*, that you're clean of nasty tools. This tool scans for rootkits, backdoors and local exploits by running tests like:
– MD5 hash compare
– Look for default files used by rootkits
– Wrong file permissions for binaries
– Look for suspected strings in LKM and KLD modules
– Look for hidden files
– Optional scan within plaintext and binary files
The features of the latest version, 1.3.4:
Added IntoXonia-NG rootkit check.
Added Phalanx2 rootkit check.
Added support for TCB shadow files.
The ‘--propupd’ option can now take an optional file, directory or package name after it.
Revised file properties inode check.
Tests against the SSH configuration file now accept the key/value pair.
Improved the O/S name detection.
The Linux ‘os_specific’ test has now been split into two separate tests.
Improved ALLOWPROCDELFILE configuration option.
Improved hidden files and directories check.
The DBDIR directory can now be read-only, after installation.
Improved debug file option.
The system startup file and directory tests have now been merged.
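The hash compare and file permission tests listed above, and the file properties inode check in the 1.3.4 changes, all rest on comparing files against a stored known-good baseline. The following Python example is added here to illustrate that idea and is not rkhunter's own code: it uses SHA-256 in place of MD5, and the function names and the fake "binaries" created in a temporary directory are constructed for the demonstration.

```python
# Added illustration, not rkhunter code. Assumption: SHA-256 replaces MD5.
import hashlib
import os
import stat
import tempfile
from pathlib import Path

def file_properties(path):
    """Properties recorded per file: content hash, permission bits, inode."""
    st = os.stat(path)
    with open(path, "rb") as fh:
        digest = hashlib.sha256(fh.read()).hexdigest()
    return {"sha256": digest, "mode": stat.S_IMODE(st.st_mode), "inode": st.st_ino}

def build_baseline(paths):  # known-good snapshot, refreshed only after trusted changes
    return {p: file_properties(p) for p in paths}

def compare(baseline):
    """Return sorted (path, finding) pairs for files that differ from the baseline."""
    findings = []
    for path, old in baseline.items():
        if not os.path.exists(path):
            findings.append((path, "missing"))
            continue
        new = file_properties(path)
        findings += [(path, f"{k} changed") for k in old if new[k] != old[k]]
        if new["mode"] & stat.S_IWOTH:
            findings.append((path, "world-writable"))
    return sorted(findings)

def demo():
    """Constructed sample: four fake 'binaries' in a temp dir, then four changes."""
    with tempfile.TemporaryDirectory() as d:
        paths = {n: Path(d, n) for n in ("ls", "netstat", "ps", "sshd")}
        for p in paths.values():
            p.write_text("original contents\n")
            p.chmod(0o755)
        baseline = build_baseline(paths.values())
        paths["ls"].write_text("tampered contents\n")   # edited in place
        paths["ps"].chmod(0o777)                        # permissions loosened
        tmp = Path(d, "netstat.new")                    # same bytes, new file
        tmp.write_text("original contents\n")
        tmp.chmod(0o755)
        os.replace(tmp, paths["netstat"])               # swap changes the inode
        paths["sshd"].unlink()                          # file deleted
        return [(p.name, f) for p, f in compare(baseline)]

if __name__ == "__main__":
    print("\n".join(f"Warning: {n}: {f}" for n, f in demo()))
```

The replaced netstat has identical contents and permissions, so only the inode comparison catches it. A baseline is only as trustworthy as its storage, which is where a read-only DBDIR helps.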
Download and extract the archive.
Install using the following command (see also the screenshot below):
[root@test1 rkhunter-1.3.4]# ./installer.sh --layout oldschool --install
Start the scan
[root@test1 rkhunter-1.3.4]# rkhunter -c
All results have been written to the logfile (/var/log/rkhunter.log)
One or more warnings have been found while checking the system.
Please check the log file (/var/log/rkhunter.log)
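Finally, you can add rkhunter to your cron jobs so that it sends a daily report to your email. Create /etc/cron.daily/rkhunter.sh with the following content:
#!/bin/sh
# Run the scan in cron mode and mail the combined output
(/usr/local/bin/rkhunter -c --cronjob 2>&1 | mail -s "today Rkhunter Scan Report" Your_email@example.com)
Then make the script executable:
chmod +x /etc/cron.daily/rkhunter.sh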
For any questions, please post them in the Forum.