Rootkit Hunter

Author Info

30 June 2005 - 10:48am
Submitted by: Rootkit.nl

download url: http://www.rootkit.nl/projects/rootkit_hunter.html
license: GPL

This tool was sent in by Kory M. Sonnier:

Rootkit scanner is a scanning tool to ensure you are about 99.9%* sure you're clean of nasty tools. This tool scans for rootkits, backdoors and local exploits by running tests like:

  • MD5 hash compare
  • Look for default files used by rootkits
  • Wrong file permissions for binaries
  • Look for suspected strings in LKM and KLD modules
  • Look for hidden files
  • Optional scan within plain text and binary files

Rootkit Hunter is released as a GPL-licensed project and is free for everyone to use.

* No, not really 99.9%. It's just another security layer.

Supported operating systems

Supported:

  • Most Linux distributions
  • Most *BSD distributions

Currently unsupported:

  • NetBSD

Tested on:

  • AIX 4.1.5 / 4.3.3
  • ALT Linux
  • Aurora Linux
  • CentOS 3.1 / 4.0
  • Conectiva Linux 6.0
  • Debian 3.x
  • FreeBSD 4.3 / 4.4 / 4.7 / 4.8 / 4.9 / 4.10
  • FreeBSD 5.0 / 5.1 / 5.2 / 5.2.1 / 5.3
  • Fedora Core 1 / Core 2 / Core 3
  • Gentoo 1.4, 2004.0, 2004.1
  • Macintosh OS 10.3.4-10.3.8
  • Mandrake 8.1 / 8.2 / 9.0-9.2 / 10.0 / 10.1
  • OpenBSD 3.4 / 3.5
  • Red Hat Linux 7.0-7.3 / 8 / 9
  • Red Hat Enterprise Linux 2.1 / 3.0
  • Slackware 9.0 / 9.1 / 10.0 / 10.1
  • SME 6.0
  • Solaris (SunOS)
  • SUSE 7.3 / 8.0-8.2 / 9.0-9.2
  • Ubuntu
  • Yellow Dog Linux 3.0 / 3.01

Confirmed to work also on:

  • DaNix (Debian clone)
  • PCLinuxOS
  • VectorLinux SOHO 3.2 / 4.0
  • CPUBuilders Linux
  • Virtuozzo (VPS)

(did it work on your operating system? Let me know!)

How do I install Rootkit Hunter?

Download the gzipped tarball, extract it and run the installation script.

download:
# wget http://downloads.rootkit.nl/rkhunter-<version>.tar.gz
Note: It doesn't matter where you save the tarball.

extract:
# tar zxf rkhunter-<version>.tar.gz

installation:
# cd rkhunter
# ./installer.sh

Or you can create an RPM file with the integrated rkhunter.spec file and install your own package:
rpmbuild -ta rkhunter-<version>.tar.gz

Note: I don't support any 3rd party RPM file, but I will maintain the spec file. If you have questions/suggestions about the spec file, please let me know.





© 2012 Novell