rkhunter (Rootkit Hunter) is a Unix-based tool that scans for rootkits, backdoors and possible local exploits.
Specifically, rkhunter is a shell script which carries out various checks on the local system to try and detect known rootkits and malware. It also performs checks to see if commands have been modified, if the system startup files have been modified, and various checks on the network interfaces, including checks for listening applications.
rkhunter has been written to be as generic as possible, and so should run on most Linux and UNIX systems. It is provided with some support scripts should certain commands be missing from the system, and some of these are Perl scripts.
Key Features
- Compares MD5 hashes of important files with known good ones in online database.
- Searches for:
- Default directories of rootkits.
- Wrong permissions.
- Hidden files.
- Suspicious strings in kernel modules.
- Special tests.
Website: rkhunter.sourceforge.net
Support: Mailing Lists
Developer: Michael Boelen
License: GNU General Public License
rkhunter is written in Perl. Learn Perl with our recommended free books and free tutorials.
Related Software
| Anti-Malware Tools | |
|---|---|
| ClamAV | Antivirus engine for detecting trojans, viruses, malware and other threats |
| YARA | Pattern matching swiss knife for malware researchers |
| Maltrail | Malicious traffic detection system |
| ClamTk | Graphical frontend for ClamAV |
| LMD | Malware scanner focusing on threats faced in shared hosted environments |
| phpMussel | PHP-based anti-virus anti-trojan anti-malware solution |
| libredefender | Antivirus program using libclamav |
| Raspirus | Lightweight signature-based malware scanner |
| FastFinder | Fast suspicious file finder |
| Rootkit Hunter | Scans for rootkits, backdoors and possible local exploits |
| Unhide | Forensic tool to find hidden processes and TCP/UDP ports |
| Hostsblock | Malware-blocking cronscript |
| chkrootkit | Locally checks for signs of a rootkit |
| Lenspect | Lightweight security threat scanner |
Read our verdict in the software roundup.
| Host-Based Intrusion Detection Systems | |
|---|---|
| Wazuh | Platform used for threat prevention, detection, and response |
| OSSEC | Full platform to monitor and control your systems. |
| AIDE | Advanced Intrusion Detection Environment |
| Logwatch | Powerful and versatile log parser and analyzer |
| Samhain | File integrity checking and log file monitoring/analysis and more |
| Sagan | Multi-threads, high performance log analysis engine |
| Tripwire | Security and data integrity tool |
| rkhunter | Scans for rootkits, backdoors and possible local exploits |
| chkrootkit | Locally checks for signs of a rootkit |
Read our verdict in the software roundup.
 Explore our comprehensive directory of recommended free and open source software. Our carefully curated collection spans every major software category.This directory is part of our ongoing series of informative articles for Linux enthusiasts. It features hundreds of detailed reviews, along with open source alternatives to proprietary solutions from major corporations such as Google, Microsoft, Apple, Adobe, IBM, Cisco, Oracle, and Autodesk. You’ll also find interesting projects to try, hardware coverage, free programming books and tutorials, and much more. Know a useful open source Linux program that we haven’t covered yet? Let us know by completing this form. |