Rkhunter

From aoxoaWiki

rkhunter (Rootkit Hunter) is a security package that looks for operating system modifications that may indicate that your system has been hacked. It is similar to chkrootkit.

It is a fairly low-level command-line utility, and doesn't have a GUI.

Below are some instructions for building and running the utility.

Building rkhunter

Select your operating system from those below.

OS X

Download the latest package from sourceforge.net.

Uncompress and expand it:

  gunzip rkhunter-1.4.2.tar.gz
  tar xvf rkhunter-1.4.2.tar
  cd rkhunter-1.4.2

Build the package:

  sudo ./installer.sh --install

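Create the properties database. Do this while the system is in a known-good state, because later checks compare file properties against this baseline: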

  sudo rkhunter --propupd

Update the database:

  sudo rkhunter --update

Run the tool:

  sudo rkhunter --check

Note: some tailoring of rkhunter may be required for OS X. Read this note here.

OpenSuse 13.1

The easiest way to install this is with zypper.

  zypper install rkhunter

Create a database, and then update the definitions:

  rkhunter --propupd --pkgmgr rpm
  rkhunter --update

Run the utility with:

  rkhunter --check

Oracle Linux

Download the latest package from sourceforge.net.

Uncompress and expand it:

  gunzip rkhunter-1.4.2.tar.gz
  tar xvf rkhunter-1.4.2.tar
  cd rkhunter-1.4.2

Build the package:

  ./installer.sh --install

Create the properties database:

  rkhunter --propupd --pkgmgr RPM

Update the database:

  rkhunter --update

Run the tool:

  rkhunter --check
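
On any of the platforms above, `rkhunter --check` pauses for a keypress between test groups, so scheduled runs are usually triaged from the log instead. The following is an added example, not part of the original wiki page or of the rkhunter project: the function names and the sample log are constructed, and the log layout (a `[HH:MM:SS]` prefix, `Warning:` lines, summary counters) is assumed.

```sh
#!/bin/sh
# Added example (not from the wiki page): unattended run and log triage.
# Function names and the sample log below are constructed for illustration.

# Run the check with no keypress prompts, printing warnings only.
# --sk (--skip-keypress), --rwo (--report-warnings-only) and --logfile
# are rkhunter options. Needs root; not called by the demo below.
run_check() {
    rkhunter --check --sk --rwo --logfile "$1"
}

# Print each "Warning:" message in log $1 with the timestamp stripped.
list_warnings() {
    sed -n 's/^\[[0-9:]*] Warning: //p' "$1"
}

# Print summary counter $2 (e.g. "Suspect files") from log $1.
summary_value() {
    sed -n "s/^\[[0-9:]*] $2 *: *\([0-9][0-9]*\)\$/\1/p" "$1" | tail -n 1
}

# Succeed (exit 0) when log $1 has anything a human should look at.
needs_review() {
    suspect=$(summary_value "$1" "Suspect files")
    rootkits=$(summary_value "$1" "Possible rootkits")
    warnings=$(grep -c '^\[[0-9:]*] Warning: ' "$1" || true)
    [ "${suspect:-0}" -gt 0 ] || [ "${rootkits:-0}" -gt 0 ] || [ "$warnings" -gt 0 ]
}

# Constructed sample in the assumed log layout, so the demo runs offline.
SAMPLE_LOG=$(mktemp)
trap 'rm -f "$SAMPLE_LOG"' EXIT
cat > "$SAMPLE_LOG" <<'EOF'
[10:01:22] Info: Starting test name 'properties'
[10:01:25]   /usr/bin/curl                                   [ Warning ]
[10:01:25] Warning: The file properties have changed:
[10:01:25]          File: /usr/bin/curl
[10:03:40] Warning: Hidden directory found: /etc/.java
[10:05:00] System checks summary
[10:05:00] Suspect files: 1
[10:05:00] Rootkits checked : 480
[10:05:00] Possible rootkits: 0
EOF

list_warnings "$SAMPLE_LOG"
if needs_review "$SAMPLE_LOG"; then
    echo "review needed: $(summary_value "$SAMPLE_LOG" "Suspect files") suspect file(s)"
fi
```

A file-properties warning that follows a legitimate package update is cleared by re-running `rkhunter --propupd` once the change has been verified.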

Online Resources

rkhunter.sourceforge.net

