Rootkit scanner is a scanning tool to help ensure, for about 99.9%*, that you're clean of nasty tools. This tool scans for rootkits, backdoors and local exploits by running tests like:
– MD5 hash compare
– Look for default files used by rootkits
– Wrong file permissions for binaries
– Look for suspected strings in LKM and KLD modules
– Look for hidden files
– Optional scan within plaintext and binary files
Rootkit Hunter is released as a GPL-licensed project and is free for everyone to use.
* No, not really 99.9%. It's just another security layer.
Installing:
Get the latest version from http://sourceforge.net/projects/rkhunter/. I downloaded the latest tarball into the /tmp folder. Now we should unpack it:
# tar -xvf rkhunter-1.4.0.tar.gz
# cd rkhunter-1.4.0
# ./installer.sh --layout default --install
Now let's run the rkhunter updater:
# rkhunter --update
# rkhunter --propupd
After all that, we are able to scan the entire Linux system for rootkits:
# rkhunter --check
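
The --propupd step and the hash and permission tests listed above rest on a stored baseline of file properties that later scans compare against. The sketch below is an added illustration, not rkhunter's own code: `snapshot` and `compare` are hypothetical names, it uses SHA-256 rather than the MD5 mentioned in the list, and it assumes GNU coreutils and paths without spaces.

```shell
#!/bin/sh
# Added illustration: a simplified file-properties baseline, not rkhunter's code.
# Assumes GNU coreutils (sha256sum, stat -c) and file paths without whitespace.

# snapshot DIR: print "hash mode path" for every regular file under DIR.
snapshot() {
    find "$1" -type f | sort | while IFS= read -r f; do
        printf '%s %s %s\n' \
            "$(sha256sum < "$f" | cut -d' ' -f1)" "$(stat -c '%a' "$f")" "$f"
    done
}

# compare BASELINE DIR: print one warning per file whose hash or mode differs
# from the baseline, or that was added or removed. Returns 1 on any warning.
compare() {
    baseline=$1
    dir=$2
    current=$(mktemp) || return 2
    snapshot "$dir" > "$current"
    warnings=$(awk '
        FILENAME == ARGV[1] { hash[$3] = $1; mode[$3] = $2; next }
        {
            seen[$3] = 1
            if (!($3 in hash)) { print "ADDED " $3; next }
            if (hash[$3] != $1) print "HASH " $3
            if (mode[$3] != $2) print "MODE " $3 " " mode[$3] "->" $2
        }
        END { for (p in hash) if (!(p in seen)) print "MISSING " p }
    ' "$baseline" "$current")
    rm -f "$current"
    [ -z "$warnings" ] && return 0
    printf '%s\n' "$warnings"
    return 1
}
```

A baseline recorded on an already-modified system will report that system as clean, so record it right after a trusted install and keep a copy off the host.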