A rootkit is a set of tools used by an intruder after cracking a computer system. These tools can help the attacker maintain access to the system and use it for malicious purposes. Rootkits exist for a variety of operating systems, including Linux.
Rkhunter is a command-line tool that scans for rootkits, backdoors, and possible local exploits. It can be installed from the repos.
- Upgrade definitions:
  - Type in a root terminal: rkhunter --update
- Check the system:
  - Type in a root terminal: rkhunter -c
  - Press Enter when prompted to continue testing.
- For more info type: rkhunter | less
Using rkhunter alone does not guarantee that a system is uncompromised. It is recommended that you use additional tests, such as chkrootkit (install from repos).
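The update and check steps above print a lot of output, and the lines that need review are the ones marked "Warning:" in the log. The following is an added example, not part of the original page or of rkhunter itself: a small shell helper that runs the scan without the Enter prompts (using rkhunter's --sk option) and summarises the warnings. The function names are hypothetical, the log path /var/log/rkhunter.log is assumed to be the one configured on your system, and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise the warnings in an rkhunter log.

# Print each "Warning:" log line with the leading [hh:mm:ss] stamp removed.
rkh_warnings() {
    sed -n 's/^\[[0-9:]*] *\(Warning: .*\)$/\1/p' "$1"
}

# Print the number of warning lines in the log.
rkh_warning_count() {
    rkh_warnings "$1" | wc -l | tr -d ' '
}

# Print a summary; return 0 only when the log holds no warnings.
rkh_report() {
    n=$(rkh_warning_count "$1")
    echo "rkhunter warnings: $n"
    rkh_warnings "$1" | sed 's/^/  /'
    [ "$n" -eq 0 ]
}

# Real run (root terminal, rkhunter installed): update, scan without the
# "press Enter" prompts (--sk), then summarise the log.
# The default log path is an assumption; pass another path as $1.
rkh_scan() {
    rkhunter --update
    rkhunter -c --sk
    rkh_report "${1:-/var/log/rkhunter.log}"
}

# Constructed sample log, so the parser can be tried without a scan.
write_sample_log() {
    cat > "$1" <<'EOF'
[10:15:01] Info: Start date is Mon Jan  1 10:15:01 UTC 2024
[10:15:02]   Checking for hidden files and directories     [ Warning ]
[10:15:02] Warning: Hidden directory found: /etc/.example
[10:15:09]   Checking if SSH root access is allowed         [ Warning ]
[10:15:09] Warning: The SSH and rkhunter configuration options should be the same:
[10:15:20] Info: End date is Mon Jan  1 10:15:20 UTC 2024
EOF
}

# Demo on the constructed log.
sample=$(mktemp)
write_sample_log "$sample"
rkh_report "$sample" || echo "Review the warnings listed above."
rm -f "$sample"
```

A warning is a prompt to investigate, not proof of compromise, and a log with no warnings is not proof of a clean system.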