Rootkit Hunter (RKH)


Rootkit Hunter (RKH) is an easy-to-use tool which checks computers running UNIX (clones) for the presence of rootkits and other unwanted tools. You can use RKH along with chkrootkit to routinely check your system for possible infestation. You could manually update or scan your system, or you could use a cron script like this:

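#!/bin/sh

# Check for a newer rkhunter release, refresh its data files, then scan.
# The combined output of all three commands is mailed to root.
( /usr/local/bin/rkhunter --versioncheck
/usr/local/bin/rkhunter --update
/usr/local/bin/rkhunter --cronjob --report-warnings-only
) | /bin/mail -s 'rkhunter Daily Run' root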

For Linux systems, if the script is saved in the /etc/cron.daily directory, then the system will automatically run it once per day.
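A variant of the script above that sends mail only when the scan needs attention, so a daily message does not become noise that gets ignored. This is an added example, not part of the original post; the names rkh_scan, rkh_daily, RKH_RUN and MAILTO are hypothetical, and the rkhunter path is the one assumed by the script above.

```shell
#!/bin/sh
# Added example (not from the original post): mail the rkhunter report
# only when the scan produced warnings or exited with an error.
RKHUNTER="${RKHUNTER:-/usr/local/bin/rkhunter}"   # path assumed from the script above
MAILTO="${MAILTO:-root}"                          # hypothetical recipient variable

# Run the scan and print a report on stdout.
# Returns 0 when the scan is clean, 1 when it needs attention.
rkh_scan() {
    # The "&& ... || ..." form keeps this safe under "set -e".
    report=$("$RKHUNTER" --cronjob --report-warnings-only 2>&1) && status=0 || status=$?
    # With --report-warnings-only a clean run prints nothing, so any output
    # or a non-zero exit status is treated as "needs attention".
    if [ -n "$report" ] || [ "$status" -ne 0 ]; then
        printf 'rkhunter exit status: %s\n%s\n' "$status" "$report"
        return 1
    fi
    return 0
}

# Refresh the data files, scan, and mail only when the scan flagged something.
rkh_daily() {
    "$RKHUNTER" --update >/dev/null 2>&1 || true   # update output is not mailed
    if body=$(rkh_scan); then
        return 0
    fi
    printf '%s\n' "$body" | /bin/mail -s "rkhunter warnings on $(hostname)" "$MAILTO"
    return 1
}

# Run only when asked (RKH_RUN=1), so the functions can also be sourced.
if [ "${RKH_RUN:-0}" = 1 ]; then rkh_daily; fi
```

From cron, call it with RKH_RUN=1 set in the environment.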

Alternatively, the rkhunter command can be added directly to your root crontab. For example:

30 5 * * * /usr/local/bin/rkhunter -c --cronjob

Rootkit Hunter will now run at 5:30 (AM).

[Screenshots: Rootkit Hunter in action]


