Jaime Frutos Morales's blog

04/12/2009

Introducing Rootkit Hunter

Filed under: Security, SysAdmin — acidborg @ 14:28

Description: “Rootkit scanner is scanning tool to ensure you for about 99.9%* you’re clean of nasty tools. This tool scans for rootkits, backdoors and local exploits by running tests like:

  • MD5 hash compare
  • Look for default files used by rootkits
  • Wrong file permissions for binaries
  • Look for suspected strings in LKM and KLD modules
  • Look for hidden files
  • Optional scan within plaintext and binary files

Rootkit Hunter is released as GPL licensed project and free for everyone to use”.

Installation:

  • Download the latest version from its website.
  • Uncompress it: tar xvfz rkhunter-*.tar.gz
  • Enter its directory: cd rkhunter-*
  • Install it (as root): ./installer.sh --layout /usr/local --install

Use:

  • To run it (as root): rkhunter --sk -c
  • To check its results: less /var/log/rkhunter.log

To obtain valid results, be aware of false positives (check warnings twice) and keep it updated. Remember: security is a process, not a state.
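
To make reviewing the warnings easier, here is a small added example (not part of rkhunter and not from the original post) that pulls each warning and its detail lines out of the log, and lists the warnings that appeared since a log you already reviewed. The function names and the sample log are constructed for illustration, and the log layout described in the first comment is an assumption.

```sh
#!/bin/sh
# Added example, not rkhunter's own code. Assumed log layout: every line starts
# with a [HH:MM:SS] stamp; findings are "Warning: ..." lines, optionally
# followed by indented detail lines; per-test result lines end in "[ Status ]".

# Print each warning with its detail lines, time stamps stripped.
rkh_warnings() {
    awk '
        { sub(/^\[[0-9:]+\] ?/, "") }                 # drop the time stamp
        /^Warning:/ { inwarn = 1; print; next }       # start of a finding
        inwarn && /^ +[^ ]/ && !/\[ [A-Za-z ]+ \]$/ { print; next }  # detail
        { inwarn = 0 }                                # anything else ends it
    ' "$@"
}

# Warning headlines found in log $2 but absent from the earlier log $1.
rkh_new_warnings() {
    old=$(mktemp) || return 1
    rkh_warnings "$1" | grep '^Warning:' | sort -u > "$old"
    rkh_warnings "$2" | grep '^Warning:' | sort -u | grep -Fxv -f "$old" || true
    rm -f "$old"
}

# Constructed sample log (not real scan output) for trying the functions offline.
rkh_sample_log() {
    cat <<'EOF'
[14:28:01] Info: Starting test name 'properties'
[14:28:02]   /usr/bin/example-tool                    [ Warning ]
[14:28:02] Warning: The file properties have changed:
[14:28:02]          File: /usr/bin/example-tool
[14:28:02]          Current hash: <constructed>
[14:28:03]   /usr/bin/other-tool                      [ OK ]
[14:28:09] Warning: Hidden directory found: /etc/.example
[14:28:10]   Checking for hidden files and directories [ Warning ]
EOF
}

# Demo on the constructed sample; on a real host (as root) run:
#   rkh_warnings /var/log/rkhunter.log
rkh_sample_log | rkh_warnings
```

A warning that also appears in the earlier log has not been cleared by that fact alone; the comparison only shows what changed between two runs.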
