Novell Home

Rootkit Hunter

Novell Cool Solutions: Cool Tool

Rate This Page

Reader Rating  stars  from 15 ratings

Digg This - Slashdot This

In Brief

Easy-to-use tool which checks machines running UNIX (clones) for the presence of rootkits and other unwanted tools.

Vitals

Product Categories:
  • SUSE Linux
    • Functional Categories:
  • Security
    • Posted:30 Jun 2005
    License:GPL
    Download:http://www.rootkit.nl/projects/rootkit_hunter.html
    Publisher: Rootkit.nl

    Disclaimer

    Please read the note from our friends in legal before using this file.


    Details

    This tool sent in by Kory M. Sonnier:

    Rootkit scanner is a scanning tool to ensure you are about 99.9%* you're clean of nasty tools. This tool scans for rootkits, backdoors and local exploits by running tests like:

    • MD5 hash compare
    • Look for default files used by rootkits
    • Wrong file permissions for binaries
    • Look for suspected strings in LKM and KLD modules
    • Look for hidden files
    • Optional scan within plain text and binary files

    Rootkit Hunter is released as GPL licensed project and free for everyone to use.

    * No, not really 99.9%.. It's just another security layer

    Supported operating systems

    Supported:

    • Most Linux distributions
    • Most *BSD distributions

    Currently unsupported:

    • NetBSD

    Tested on:

    • AIX 4.1.5 / 4.3.3
    • ALT Linux
    • Aurora Linux
    • CentOS 3.1 / 4.0
    • Conectiva Linux 6.0
    • Debian 3.x
    • FreeBSD 4.3 / 4.4 / 4.7 / 4.8 / 4.9 / 4.10
    • FreeBSD 5.0 / 5.1 / 5.2 / 5.2.1 / 5.3
    • Fedora Core 1 / Core 2 / Core 3
    • Gentoo 1.4, 2004.0, 2004.1
    • Macintosh OS 10.3.4-10.3.8
    • Mandrake 8.1 / 8.2 / 9.0-9.2 / 10.0 / 10.1
    • OpenBSD 3.4 / 3.5
    • Red Hat Linux 7.0-7.3 / 8 / 9
    • Red Hat Enterprise Linux 2.1 / 3.0
    • Slackware 9.0 / 9.1 / 10.0 / 10.1
    • SME 6.0
    • Solaris (SunOS)
    • SuSE 7.3 / 8.0-8.2 / 9.0-9.2
    • Ubuntu
    • Yellow Dog Linux 3.0 / 3.01

    Confirmed to work also on:

    • DaNix (Debian clone)
    • PCLinuxOS
    • VectorLinux SOHO 3.2 / 4.0
    • CPUBuilders Linux
    • Virtuozzo (VPS)

    (did it work on your operating system? Let me know!)

    How do I install Rootkit Hunter?

    Download the gzipped tarball, extract it and run the installation script.

    download:
    # wget http://downloads.rootkit.nl/rkhunter-<version>.tar.gz
    Note: It doesn't matter where you save the tarball

    extract:
    # tar zxf rkhunter-<version>.tar.gz

    installation:
    # cd rkhunter
    # ./installer.sh

    Or you can create a RPM file with the integrated rkhunter.spec file and install your own package
    rpmbuild -ta rkhunter-<version>.tar.gz

    Note: I don't support any 3rd party RPM file, but I will maintain the spec file. If you have questions/suggestions about the spec file, please let me know.

    Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions. www.webwiseone.com

    Novell® Making IT Work As One

    © 2008 Novell, Inc. All Rights Reserved.