Rootkit Hunter

rkhunter (Rootkit Hunter) is a Unix-based tool that scans for rootkits, backdoors and possible local exploits.

Specifically, rkhunter is a shell script which carries out various checks on the local system to try and detect known rootkits and malware. It also performs checks to see if commands have been modified, if the system startup files have been modified, and various checks on the network interfaces, including checks for listening applications.

rkhunter has been written to be as generic as possible, and so should run on most Linux and UNIX systems. It is provided with some support scripts should certain commands be missing from the system, and some of these are Perl scripts.

Rootkit Hunter

License GNU GPL Developer Michael Boelen Website rkhunter.sourceforge.net Requirements Bourne Again Shell (Bash) exim Support: FAQ, Mailing Lists Selected Reviews: Linux.com

Features include:

• Compares MD5 hashes of important files with known good ones in online database
• Searches for:
• Default directories of rootkits
• Wrong permissions
• Hidden files
• Suspicious strings in kernel modules, and
• Special tests

Last Updated Saturday, May 03 2008 @ 03:07 PM EDT