rkhunter: detect rootkits

Rootkits are a kind of malicious software that typically gives unauthorized users access to a computer. A rootkit is hard to detect because it may be able to subvert the very software that is meant to find it. rkhunter (Rootkit Hunter) is a Linux utility to detect rootkits (and other system problems).

rkhunter looks for rootkit signatures and can use ClamAV-compatible signatures. It also downloads updated signatures and other information from its online database. In addition to rootkit detection, rkhunter checks system commands, the network, the local host and application versions.

In this tutorial we will explore how to use rkhunter with Ubuntu as the reference platform.

Installation

To install rkhunter on Ubuntu, run:

$ sudo apt-get install rkhunter

Usage

Start with filling the file properties database:

$ sudo rkhunter --propupd

Run the check:

$ sudo rkhunter -c

rkhunter shows a summary at the end. The full log file is at /var/log/rkhunter.log. To see whether any issues were found on your system, search the log for "Warning".
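The steps above (fill the property database, run the check, then look for warnings in the log) can be wrapped in a small shell script. The script below is an added example and is not part of the original post or of the rkhunter project; the sample log it writes is constructed for illustration and only approximates the real format of /var/log/rkhunter.log. The run_check function uses the real rkhunter options --check, --skip-keypress and --report-warnings-only (the non-interactive form you would use from cron); the names run_check, extract_warnings, count_warnings, report and write_sample_log are this example's own.

```shell
#!/bin/sh
# Added example, not from the original post: run rkhunter non-interactively
# and pull the warnings out of its log. Sample log content is constructed.

RKHUNTER_LOG="${RKHUNTER_LOG:-/var/log/rkhunter.log}"

# Run the check as you would from cron: no keypress prompts, and only
# warnings on stdout. Needs root and an installed rkhunter; when rkhunter is
# not on the PATH it is skipped so the log-parsing functions still work.
run_check() {
    if ! command -v rkhunter >/dev/null 2>&1; then
        echo "rkhunter not installed; skipping live check" >&2
        return 0
    fi
    sudo rkhunter --check --skip-keypress --report-warnings-only
}

# Print only the warning lines ("[HH:MM:SS] Warning: ...") from a log file.
# Indented continuation lines of a warning are not matched.
extract_warnings() {
    grep '^\[[0-9:]*\] *Warning:' "$1"
}

# Count warning lines; prints 0 when there are none (grep's "no match"
# status is swallowed by the pipeline so this is safe under set -e).
count_warnings() {
    extract_warnings "$1" | wc -l | tr -d ' '
}

# List the warnings and return 1 if any were found, so a cron job or
# monitoring hook can alert on the exit status.
report() {
    n=$(count_warnings "$1")
    if [ "$n" -eq 0 ]; then
        echo "No warnings in $1"
        return 0
    fi
    echo "$n warning(s) in $1:"
    extract_warnings "$1"
    return 1
}

# Write a small constructed log (NOT real rkhunter output) to the given
# path, for trying the functions above without a live scan.
write_sample_log() {
    cat > "$1" <<'EOF'
[10:02:11] Info: Start date is Mon Jan  1 10:02:11 2024
[10:02:11] Checking for rootkits...
[10:02:12] Info: Rootkit 'Example Rootkit' not found
[10:02:13] Warning: The file properties have changed:
[10:02:13]          File: /usr/bin/ssh
[10:02:13]          Current hash: constructed-hash-placeholder
[10:02:14] Warning: Hidden file found: /dev/.example_constructed
[10:02:15] Info: End date is Mon Jan  1 10:02:15 2024
EOF
}

# Usage: ./rkcheck.sh [logfile]   (defaults to $RKHUNTER_LOG when given "")
if [ -n "${1:-}" ]; then
    report "$1"
fi
```

Run it against the real log with ./rkcheck.sh /var/log/rkhunter.log after rkhunter -c has finished. A "file properties have changed" warning for a binary such as /usr/bin/ssh is expected right after a package upgrade; confirm the change came from your package manager (for example with dpkg -V on Debian and Ubuntu) before running rkhunter --propupd to refresh the baseline, because --propupd accepts whatever is on disk as the new good state.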
