rkhunter (Rootkit Hunter) is an open-source, host-based scanner for Linux and other Unix-like systems that checks for known rootkits, backdoors and signs of local tampering.
Features
- (1) Easy to install and quick to run
- (2) Broad scanning scope: detects the signatures of many known rootkits, checks ports that backdoors are known to listen on, and checks common system binaries for changes
Main Functions
- (1) File hash comparison against a stored baseline to detect modified system binaries (older releases used MD5; current releases default to SHA-256 where available, selectable with the HASH_FUNC setting in rkhunter.conf)
- (2) Detects binaries and system tools that known rootkits replace
- (3) Detects trojan program signatures
- (4) Detects file attribute anomalies (permissions, ownership, size, timestamps) in common system programs
- (5) Checks for network interfaces in promiscuous mode and for ports commonly used by backdoor programs
- (6) Checks startup scripts and configuration files (for example under /etc/rc.d/) and log files, and flags hidden files and directories in unexpected places
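To make items (1) and (4) concrete, here is a stripped-down version of the file-properties check, written as an added example for this page rather than code taken from rkhunter. It records a hash and a few stat fields per file in a plain baseline file and then reports any file whose content or attributes differ. It assumes GNU coreutils (sha256sum, stat -c) and paths without spaces; rkhunter keeps its own baseline, created and refreshed with its --propupd option, rather than a text file like this one.

```shell
#!/bin/sh
# Added example (not rkhunter's own code): a minimal file-properties check.
# Baseline format, one file per line: "path sha256 mode uid gid size"
# Assumes GNU coreutils (sha256sum, stat -c) and paths without spaces.

# Record the current hash and attributes of every file given on the command line.
build_baseline() {
    baseline="$1"; shift
    : > "$baseline"
    for f in "$@"; do
        hash=$(sha256sum "$f" | cut -d' ' -f1)
        printf '%s %s %s\n' "$f" "$hash" "$(stat -c '%a %u %g %s' "$f")" >> "$baseline"
    done
}

# Compare the live system against the baseline. Prints one "Warning:" line per
# difference and returns 1 if anything changed, 0 if everything matches
# (the same pass/warn semantics rkhunter uses for its file properties test).
check_baseline() {
    baseline="$1"
    rc=0
    while read -r f hash mode uid gid size; do
        if [ ! -e "$f" ]; then
            echo "Warning: $f is missing"
            rc=1
            continue
        fi
        cur_hash=$(sha256sum "$f" | cut -d' ' -f1)
        cur_attr=$(stat -c '%a %u %g %s' "$f")
        [ "$cur_hash" = "$hash" ] || { echo "Warning: $f hash changed"; rc=1; }
        [ "$cur_attr" = "$mode $uid $gid $size" ] || {
            echo "Warning: $f attributes changed ($mode $uid $gid $size -> $cur_attr)"
            rc=1
        }
    done < "$baseline"
    return $rc
}
```

A real check of this kind is only as trustworthy as the baseline: build it on a system you know to be clean, and rebuild it only after a legitimate package update, otherwise every changed binary will be reported.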
Usage
Run the check:
# rkhunter -c
rkhunter then runs through its series of tests; anything it finds suspicious is marked with a red Warning, and each warning needs to be investigated (the details are written to the log file, /var/log/rkhunter.log by default).
rkhunter depends on two sets of data. The rootkit signatures and other data files are fetched from the project's mirrors and should be kept current with:
# rkhunter --update
The baseline of file properties used for the hash and attribute tests is separate: it is created with the --propupd option and must be taken on a system known to be clean, and refreshed after legitimate package updates, or every updated binary will be reported as a warning.
It is best to run both the update and the check from the system's scheduled tasks (cron).
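The following wrapper is an added example of how to schedule the two commands above; it is not part of rkhunter. It refreshes the data files, runs a non-interactive check and mails only the warning lines. It relies on the exit codes documented in the rkhunter man page (--update: 0 nothing to do, 2 updated, 1 error; --check: 0 clean, 1 warnings) and on --cronjob implying --check, --sk and --nocolors. The mail(1) command, the ADMIN address and the SAMPLE_REPORT lines are assumptions made for the example; the sample report is constructed, not captured from a real host.

```shell
#!/bin/sh
# Added example (not part of rkhunter): cron wrapper for update + check.
# Assumes rkhunter 1.4.x, a working mail(1), and root privileges.
ADMIN="root"   # assumption: local mailbox that receives the reports

# Constructed sample of the output of `rkhunter --cronjob --rwo`, used to
# exercise the parsing functions below. Not captured from a real system.
SAMPLE_REPORT="Warning: The file properties have changed:
         File: /usr/bin/ls
Warning: Hidden directory found: /dev/.hidden
System checks summary
All checks finished"

# Keep only the Warning lines of a report read on stdin.
extract_warnings() {
    grep 'Warning:' || true      # grep exits 1 when nothing matched; that is not an error here
}

# Print the number of Warning lines in a report read on stdin.
count_warnings() {
    extract_warnings | grep -c . || true
}

# Update the data files, run the check, and mail any warnings.
# Returns the exit status of the check (0 clean, 1 warnings found).
run_rkhunter_cron() {
    report=$(mktemp)
    # --update exit codes: 0 = already current, 2 = updated, 1 = error.
    rkhunter --update --nocolors >/dev/null 2>&1
    if [ "$?" -eq 1 ]; then
        echo "rkhunter --update failed; the check ran with the old data files" \
            | mail -s "rkhunter update failed on $(hostname)" "$ADMIN"
    fi
    # --cronjob implies --check, --sk (no keypress prompts) and --nocolors;
    # --rwo (--report-warnings-only) keeps the output to warnings only.
    rkhunter --cronjob --rwo > "$report" 2>&1
    rc=$?
    if [ "$rc" -ne 0 ] || [ "$(count_warnings < "$report")" -gt 0 ]; then
        extract_warnings < "$report" | mail -s "rkhunter warnings on $(hostname)" "$ADMIN"
    fi
    rm -f "$report"
    return $rc
}

# Only run the real scan when rkhunter is installed and we are root.
if command -v rkhunter >/dev/null 2>&1 && [ "$(id -u)" -eq 0 ]; then
    run_rkhunter_cron
fi
```

Install it as, for example, /usr/local/sbin/rkhunter-cron.sh and add a daily crontab entry for root pointing at it. Because the script only reports, a Warning does not mean the host is compromised; compare each flagged file against its package (for instance with the package manager's verify command) before deciding.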
Installation
Official website: http://rkhunter.sourceforge.net/
After downloading, extract it. I downloaded version 1.4.2
tar zxf rkhunter-1.4.2.tar.gz
Enter the extracted directory and run the installer script; it completes in a few seconds.
cd rkhunter-1.4.2
./installer.sh --install