Rootkit

Introduction

A rootkit is a set of tools used by an intruder after cracking a computer system. These tools can help the attacker maintain his or her access to the system and use it for malicious purposes. Rootkits exist for a variety of operating systems, including Linux.

Rkhunter

Rkhunter is a command line tool that scans for rootkits, backdoors, and possible local exploits. It can be installed from the repos.

Use

  • Upgrade definitions:
    • Type in a root terminal: rkhunter --update
  • Check the system:
    • Type in a root terminal: rkhunter -c
    • Press Enter when prompted to continue testing.
  • For more info type: rkhunter | less

Warning

Using rkhunter alone does not guarantee that a system is uncompromised. It is recommended that you use additional tests, such as chkrootkit (install from repos).
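
The steps under Use, run without keypress prompts and followed by the second check recommended in the warning, as an added example that is not part of the original wiki page. The log path /var/log/rkhunter.log, the function names and the sample log lines are assumptions; the sample log is constructed.

```shell
#!/bin/sh
# Added example, not from the wiki page. Function names are hypothetical.
LOG=/var/log/rkhunter.log   # assumed log location; check your rkhunter.conf

# Print the text of each "Warning:" entry in an rkhunter log (timestamp stripped).
rkh_warnings() {
    sed -n 's/^\[[0-9:]*] Warning: //p' "$1"
}

# Number of warning entries in the log.
rkh_warning_count() {
    rkh_warnings "$1" | wc -l | tr -d ' '
}

# Constructed sample log lines, for trying the parser offline.
rkh_sample_log() {
    cat <<'EOF'
[10:01:20]   Checking for hidden files and directories       [ Warning ]
[10:01:20] Warning: Hidden directory found: /dev/.udev
[10:01:25]   Checking for passwd file changes                [ None found ]
[10:01:30] Warning: Hidden file found: /etc/.example
EOF
}

# Update, scan without keypress prompts, summarise, then run chkrootkit if present.
rkh_scan() {
    [ "$(id -u)" -eq 0 ] || { echo "run as root" >&2; return 1; }
    rkhunter --update || [ $? -eq 2 ] || return 1   # exit code 2: updates installed
    rkhunter -c --sk --rwo || true                  # keep going; the log is read next
    echo "rkhunter warnings: $(rkh_warning_count "$LOG")"
    rkh_warnings "$LOG"
    if command -v chkrootkit >/dev/null 2>&1; then
        chkrootkit -q                               # quiet: print only findings
    fi
}

if [ "${1:-}" = "scan" ]; then rkh_scan; fi
```

Run the script with the argument scan from a root terminal to perform the checks; without it, only the functions are defined.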

v. 20150810
