rkhunter

This article relies excessively on references to primary sources. Please improve this article by adding secondary or tertiary sources. Find sources: "Rkhunter" – news · newspapers · books · scholar · JSTOR (May 2023) (Learn how and when to remove this message)

rkhunter (Rootkit Hunter) is a Unix-based tool that scans for rootkits, backdoors and possible local exploits.^[1] It does this by comparing SHA-1 hashes of important files with known good ones in online databases, searching for default directories (of rootkits), wrong permissions, hidden files, suspicious strings in kernel modules, and special tests for Linux and FreeBSD. rkhunter is notable due to its inclusion in popular operating systems (Fedora,^[2] Debian,^[3] etc.)

The tool has been written in Bourne shell, to allow for portability. It can run on almost all UNIX-derived systems.

In 2003, developer Michael Boelen released the version of Rootkit Hunter. After several years of development, early 2006, he agreed to hand over development to a development team. Since that time eight people have been working to set up the project properly and work towards the much-needed maintenance release. The project has since been moved to SourceForge.

Both the GitHub and the SourceForge web resources seem to be sponsored by 'dogsbody' while code work seems to be being carried out by John Horne. This appears to be 'work-in-progress' but caution for Website spoofing and similar should always be exercised.^[4]

Lua error in mw.title.lua at line 392: bad argument #2 to 'title.new' (unrecognized namespace name 'Portal').

• chkrootkit
• Lynis
• OSSEC
• Samhain (software)
• Host-based intrusion detection system comparison
• Hardening (computing)
• Linux malware
• MalwareMustDie
• Rootkit

• Official website
• Old rkhunter web page