Rootkit Hunter


This tool was sent in by Kory M. Sonnier:



Rootkit scanner is a scanning tool to ensure you are about 99.9%* sure you're clean of nasty tools. This tool scans for rootkits, backdoors and local exploits by running tests like:



  • MD5 hash compare

  • Look for default files used by rootkits

  • Wrong file permissions for binaries

  • Look for suspected strings in LKM and KLD modules

  • Look for hidden files

  • Optional scan within plain text and binary files
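
To illustrate the idea behind two of the tests listed above, the hash compare and the file-permission check, here is an added example (not Rootkit Hunter's own code) that runs them against a constructed temporary directory. The function names, file names and baseline format are assumptions, and md5sum from GNU coreutils is assumed to be installed.

```sh
#!/bin/sh
# Added example. Paths, file names and function names are hypothetical.
# Assumes md5sum (GNU coreutils); sha256sum is a drop-in replacement.

# make_baseline DIR: print "hash  path" for every regular file under DIR.
make_baseline() {
    find "$1" -type f -exec md5sum {} + | sort -k 2
}

# check_hashes BASELINE: report files that changed or vanished since baseline.
check_hashes() {
    while read -r want path; do
        if [ ! -f "$path" ]; then
            echo "MISSING $path"
        else
            have=$(md5sum "$path" | cut -d ' ' -f 1)
            [ "$have" = "$want" ] || echo "CHANGED $path"
        fi
    done < "$1"
}

# check_perms DIR: report files that group or others may write to.
check_perms() {
    find "$1" -type f \( -perm -020 -o -perm -002 \) -print | sed 's/^/WRITABLE /'
}

# run_demo: constructed tree standing in for a directory of system binaries.
run_demo() {
    root=$(mktemp -d)
    mkdir "$root/bin"
    printf 'original ls\n' > "$root/bin/ls"
    printf 'original ps\n' > "$root/bin/ps"
    chmod 755 "$root/bin/ls" "$root/bin/ps"
    make_baseline "$root/bin" > "$root/baseline.md5"   # known-good state

    printf 'replaced ls\n' > "$root/bin/ls"   # content differs from baseline
    chmod 777 "$root/bin/ps"                  # world-writable binary

    check_hashes "$root/baseline.md5" | sed "s|$root||"
    check_perms "$root/bin" | sed "s|$root||"
    rm -rf "$root"
}

run_demo
```

A baseline like this is only trustworthy if it was recorded on a known-clean system and is stored where the scanned host cannot rewrite it.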


Rootkit Hunter is released as a GPL-licensed project and is free for everyone to use.



* No, not really 99.9%. It's just another security layer.


Supported operating systems



Supported:


  • Most Linux distributions

  • Most *BSD distributions


Currently unsupported:


  • NetBSD


Tested on:


  • AIX 4.1.5 / 4.3.3

  • ALT Linux

  • Aurora Linux

  • CentOS 3.1 / 4.0

  • Conectiva Linux 6.0

  • Debian 3.x

  • FreeBSD 4.3 / 4.4 / 4.7 / 4.8 / 4.9 / 4.10

  • FreeBSD 5.0 / 5.1 / 5.2 / 5.2.1 / 5.3

  • Fedora Core 1 / Core 2 / Core 3

  • Gentoo 1.4, 2004.0, 2004.1

  • Macintosh OS 10.3.4-10.3.8

  • Mandrake 8.1 / 8.2 / 9.0-9.2 / 10.0 / 10.1

  • OpenBSD 3.4 / 3.5

  • Red Hat Linux 7.0-7.3 / 8 / 9

  • Red Hat Enterprise Linux 2.1 / 3.0

  • Slackware 9.0 / 9.1 / 10.0 / 10.1

  • SME 6.0

  • Solaris (SunOS)

  • SUSE 7.3 / 8.0-8.2 / 9.0-9.2

  • Ubuntu

  • Yellow Dog Linux 3.0 / 3.01


Confirmed to work also on:


  • DaNix (Debian clone)

  • PCLinuxOS

  • VectorLinux SOHO 3.2 / 4.0

  • CPUBuilders Linux

  • Virtuozzo (VPS)


(did it work on your operating system? Let me know!)




How do I install Rootkit Hunter?


Download the gzipped tarball, extract it and run the installation script.



download:

# wget http://downloads.rootkit.nl/rkhunter-<version>.tar.gz

Note: It doesn't matter where you save the tarball



extract:

# tar zxf rkhunter-<version>.tar.gz



installation:

# cd rkhunter

# ./installer.sh



Or you can create an RPM file with the integrated rkhunter.spec file and install your own package:

# rpmbuild -ta rkhunter-<version>.tar.gz



Note: I don't support any 3rd party RPM file, but I will maintain the spec file. If you have questions/suggestions about the spec file, please let me know.
