
Rootkit Hunter


Vendor: Rootkit Hunter project team
Developer: Rootkit Hunter project team
License: opensource
Web: http://rkhunter.sourceforge.net


About Rootkit Hunter (rkhunter)

Rootkit Hunter is a shell script called rkhunter that scans your Linux operating system for rootkits, backdoors and other related security issues. It can also be used to test applications.


What are Rootkits?

Rootkits are a type of computer malware that actively hides its existence on a computer, typically by intercepting system calls (but not limited to those means). A rootkit may open what is known as a backdoor into the compromised computer and allow a remote hacker to install software, create user accounts (with root access), change system-wide settings, steal user information (such as, but not limited to, passwords and banking details), log user activities, delete files and/or folders, and carry out other activities. Some rootkits may also be installed by legitimate companies; see http://en.wikipedia.org/wiki/Rootkit#Sony_BMG_copy_protection_rootkit_scandal for more information.

Warning: Rootkit Hunter is not anti-virus software and therefore is not intended as a replacement for anti-virus software. It is merely a tool to check for the possible existence of rootkits, backdoors and other security issues that may be present on your system.

Features

  • Comparing MD5 hashes
  • Looking for default files used by rootkits
  • Checking for wrong file permissions for binaries
  • Looking for suspected strings in LKM and KLD modules
  • Looking for hidden files/folders

Installing rkhunter

There are 2 ways you can install rkhunter: through YaST or through your Web browser. To install Rootkit Hunter, follow one of the 2 ways below.

Using YaST

1) Open YaST (as root, see SDB:Login_as_root for help)

2) Click on Software > Software Management

3) Then click on the "Search" tab (on the top left hand corner of the "Software Management" screen)

4) Type rkhunter and press Enter, then tick the box next to rkhunter.

5) Click on the "Accept" button. (bottom right hand corner of the "Software Management" screen)

Using your Web browser

1) Open http://software.opensuse.org/package/rkhunter?search_term=rkhunter

2) Then click the Direct Install option. (at the bottom of your screen)

Make sure you choose the correct software package for your version of openSUSE. You can also click on the link for your openSUSE version at the top right hand corner of this web page.


Setting up rkhunter

Warning: Make sure that all installed software is legitimate before you run any of these commands.

Open the command-line (kdesu program in KDE) as root and type the following commands:

rkhunter --propupd --pkgmgr rpm

This creates rkhunter's file properties database from the file properties stored in the rpm database for all software installed on the system. Later checks compare the files on disk against this baseline.

rkhunter --update

This updates Rootkit Hunter's definitions of known rootkits.
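
The reason for the warning above, shown as an added example that is not rkhunter's code: a file properties baseline records whatever state the files are in when it is taken, so a change made before the baseline is not reported afterwards. The function names and the "mode sha256 path" record format are hypothetical, and GNU stat and sha256sum are assumed.

```shell
#!/bin/sh
# Added illustration, not rkhunter's code: the baseline-then-compare idea
# behind a file properties database. Function names and the one-line-per-file
# "mode sha256 path" format are hypothetical. Assumes GNU stat and sha256sum.
# SHA-256 is used here instead of the MD5 hashes the feature list mentions.

# Print "mode sha256 path" for every regular file under directory $1.
baseline_create() (
    find "$1" -type f | sort | while IFS= read -r f; do
        printf '%s %s %s\n' "$(stat -c '%a' "$f")" \
            "$(sha256sum "$f" | cut -d' ' -f1)" "$f"
    done
)

# Compare the current files with baseline file $1.
# Prints one finding per line; status 0 means nothing changed.
baseline_check() (
    rc=0
    while read -r mode hash path; do
        if [ ! -f "$path" ]; then
            echo "MISSING $path"; rc=1; continue
        fi
        [ "$(sha256sum "$path" | cut -d' ' -f1)" = "$hash" ] ||
            { echo "HASH_CHANGED $path"; rc=1; }
        [ "$(stat -c '%a' "$path")" = "$mode" ] ||
            { echo "MODE_CHANGED $path (was $mode)"; rc=1; }
    done < "$1"
    [ "$rc" -eq 0 ]
)

# Constructed demo: baseline a scratch directory, modify it, check, then
# re-baseline the modified state to show that the check goes quiet again.
demo() (
    d=$(mktemp -d) && db=$(mktemp) || exit 1
    printf 'echo hello\n' > "$d/tool"; chmod 755 "$d/tool"
    printf 'setting=1\n'  > "$d/conf"; chmod 644 "$d/conf"
    baseline_create "$d" > "$db"
    printf 'echo changed\n' > "$d/tool"     # content change
    chmod 666 "$d/conf"                     # permission change
    baseline_check "$db" | sed "s|$d/||"
    baseline_create "$d" > "$db"            # baseline taken after the change
    baseline_check "$db" && echo "CLEAN after re-baseline"
    rm -rf "$d" "$db"
)
```

Source the file and run `demo` to see both findings followed by the clean result once the modified state has been baselined.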


Using rkhunter

Open the command-line (kdesu program in KDE) as root and type any of the following:

rkhunter --check

This option will check for rootkits and other security issues present on your system.

rkhunter --list [tests | {lang | languages} | rootkits | perl | propfiles]

This option will list some of the supported capabilities of the program. The tests option lists the currently available test names (see the README file for more details). The languages option lists the currently available languages for rkhunter. The rootkits option lists the rootkits that are searched for by rkhunter. The perl option lists the installation status of the perl command and perl modules that may be used by some of the tests.

rkhunter --versioncheck

This option will check whether a newer version of rkhunter is available for your system.

rkhunter --version

This option will display the current version of rkhunter installed on your system.

rkhunter --help

As the option name suggests, this option displays help for rkhunter.

Many more command-line options are described in rkhunter's online man page at http://linux.die.net/man/8/rkhunter

