Search for rootkits with Rootkit Hunter on Linux systems
Takeaway: Learn to use Rootkit Hunter to detect malware on your Linux system.
Until fairly recently, the tool to use for detecting malware on Linux systems was the chkrootkit tool. However, a newer tool with several more available tests and a friendlier interface is now available: Rootkit Hunter (rkhunter).
This tool is available for download from the rootkit Web site. Installation is extremely straightforward; rkhunter consists only of Perl and shell scripts. After you've downloaded and unpacked the latest version, simply run the installer.sh script to install the program.
In its most basic form, rkhunter scans your system for any signs of malware. In addition, it performs other scans on your system, such as checking for differences between a cached copy of the passwd and group files, checking the sshd_config file to see if root logins are permissible, and so forth.
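The two non-malware checks named above (comparing the account files against a cached copy, and looking at whether sshd_config permits root logins) are illustrated below in shell. This is an added example, not rkhunter's own code: the function names and every sample file are constructed here, and only the global part of sshd_config (before any Match block) is considered.

```shell
#!/bin/sh
# Added illustration; not rkhunter's code. All sample data below is constructed.

# root_login_setting FILE: print the effective global PermitRootLogin value.
# sshd uses the first value it reads for a keyword; keywords are case-insensitive.
root_login_setting() {
    awk '
        { sub(/=/, " ") }                      # accept "Keyword=value" as well
        tolower($1) == "match" { exit }        # stop at the first Match block
        tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }      # unset: the sshd default applies
    ' "$1"
}

# account_changes CACHED CURRENT: list accounts added, changed or removed
# since the cached copy was taken, flagging any new account with uid 0.
account_changes() {
    awk -F: '
        NR == FNR { old[$1] = $0; next }
        { seen[$1] = 1
          if (!($1 in old))       print "added " $1 ($3 == 0 ? " (uid 0)" : "")
          else if (old[$1] != $0) print "changed " $1 }
        END { for (u in old) if (!(u in seen)) print "removed " u }
    ' "$1" "$2" | sort
}

# Constructed sample files so the example runs without touching /etc.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
cat > "$demo/passwd.cached" <<'EOF'
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000::/home/alice:/bin/bash
backup:x:34:34::/var/backups:/usr/sbin/nologin
EOF
cat > "$demo/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000::/home/alice:/bin/sh
toor:x:0:0::/root:/bin/bash
EOF
cat > "$demo/sshd_config" <<'EOF'
# PermitRootLogin no
Port 22
permitrootlogin yes
PermitRootLogin no
EOF

account_changes "$demo/passwd.cached" "$demo/passwd"
echo "PermitRootLogin: $(root_login_setting "$demo/sshd_config")"
```

A second uid 0 account and a changed login shell are exactly the kind of difference a cached-copy comparison surfaces; the commented-out and later PermitRootLogin lines show why the first active value is the one that matters.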
Every version adds checks for new malware, so keeping up with rkhunter releases is important. Be sure to regularly check the rootkit Web site.
To run an interactive check, run rkhunter as shown below:
# rkhunter -c
This displays each test that rkhunter performs, pausing occasionally for you to press [Enter]. This ensures that you can see the entire report without scrolling back too far.
You can also produce a simple summary report of rkhunter's results. Here's an example:
# rkhunter -c --report-mode
If you're only interested in the summary, you can place this command in a cron job. If you prefer to have a full report, execute the following:
# rkhunter -c --cronjob
This prevents the display of colors, which would otherwise make the e-mails sent via cron look a little off. All in all, rkhunter is easy to use and a definite must for anyone running Linux.