Questions tagged [rkhunter]

Questions related to the rootkit-detection system rkhunter

The 'rkhunter' tag is for all questions relating to the 'rkhunter' program, which is designed to detect vulnerabilities that can be caused by rootkits.

Excerpt from its project page:

Rootkit scanner is a scanning tool to ensure you for about 99.9%* you're clean of nasty tools. This tool scans for rootkits, backdoors and local exploits by running tests like:

  • MD5 hash compare
  • Look for default files used by rootkits
  • Wrong file permissions for binaries
  • Look for suspected strings in LKM and KLD modules
  • Look for hidden files
  • Optional scan within plaintext and binary files

Rootkit Hunter is released as a GPL licensed project and is free for everyone to use.

61 questions
39
votes
11 answers

cron.daily jobs not running

I created 3 daily cron jobs to run. Below are the three that are placed in etc/cron.daily rkhunter.sh #!/bin/sh ( rkhunter --versioncheck rkhunter --update rkhunter --cronjob --report-warnings-only ) | mail -s 'rkhunter Daily Run (my server)'…
sonicboom
  • 1,183
32
votes
1 answer

rkhunter warning about /etc/.java /etc/.udev /etc/.initramfs

I am running Ubuntu 10.04.1 LTS. I am running rkhunter to check for rootkits. rkhunter is complaining about the following hidden files and directories. I think these files are not a real problem on my system, but how can I check to see if these…
26
votes
1 answer

What is the sandbox user '_apt' on my system

I ran rkhunter and found out a warning, that there is a new user called _apt on my Ubuntu 16.04 $ grep _apt /etc/passwd _apt:x:124:65534::/nonexistent:/bin/false All I found out is, that it seems that this is a kind of sandbox user for "advanced…
rubo77
  • 34,024
12
votes
1 answer

If I have clamav do I need to install rootkit hunter

So I have clamav the antivirus but is that a protection against rootkits or do I need to install rootkit hunter as well with clamav?
9
votes
1 answer

How to upgrade rkhunter

When running the command: sudo rkhunter --versioncheck I get the following output: [ Rootkit Hunter version 1.4.0 ] Checking rkhunter version... This version : 1.4.0 Latest version: 1.4.2 Update available But there does not seem to be an…
user364819
8
votes
2 answers

rkhunter: right way to handle warnings further?

I googled some and checked out two first links it found: http://www.skullbox.net/rkhunter.php http://www.techerator.com/2011/07/how-to-detect-rootkits-in-linux-with-rkhunter/ They don't mention what shall I do in case of such warnings: Warning:…
zuba
  • 2,423
6
votes
0 answers

Checking if SSH protocol v1 is allowed

I ran rkhunter -c on a server and the warning that I got was the following: Checking if SSH protocol v1 is allowed [ Warning ] Warning: The SSH configuration option 'Protocol' has not been set. The default value may be '2,1', to allow the use…
6
votes
1 answer

rkhunter psswd and group file changes warning

Today I did a scan of my machine with rkhunter: sudo rkhunter --checkall And these were the warnings that I got: Checking for passwd file changes [ Warning ] Checking for group file changes [ Warning…
user364819
6
votes
2 answers

Whitelisting ports for detection in rkhunter

I'm trying to figure out in the rkhunter config how I can whitelist the detection of certain ports, such as ports used for IRCds, and other ports which I have for services which run on non-standard ports. Does anyone know how to configure this so…
Thomas Ward
  • 78,878
6
votes
1 answer

Rkhunter still relevant in 2022?

I tried using RKHunter 1.4.6 (http://downloads.sourceforge.net/project/rkhunter/rkhunter/1.4.6/rkhunter-1.4.6.tar.gz) in Ubuntu 20.04. It is around 4 years old, and running it did not find any rootkits on my desktop. But I want to know if it is…
rkte
  • 61
4
votes
1 answer

Unable to update rkhunter

Today when I ran the command (which I run every day and all is well): sudo rkhunter --update In order to check for updates to database files I got this error every time: [ Rootkit Hunter version 1.4.2 ] Checking rkhunter data files... Checking…
user364819
4
votes
3 answers

How to get rkhunter to skip "[Press to continue]"

Every time that I scan my machine with rkhunter using the following command: sudo rkhunter --checkall After it has finished with a certain type of check it asks me: [Press to continue] And this has become rather annoying and I keep…
user364819
4
votes
1 answer

Help, I May Have a Rootkit

It's been a while since I have been here. I have been very preoccupied with trying to sort out endless problems with my devices getting hacked. I have a bridge set up on my home network. It is a TP-Link 841N, and I had wds enabled, connected as a…
Chev_603
  • 1,728
3
votes
1 answer

How to install rkhunter in ubuntu?

Ok I know the question sounds strange but I need help installing rkhunter the accurate way and do I need to follow all the steps in this article https://help.ubuntu.com/community/RKhunter?
user491354
3
votes
2 answers

RKhunter and Chkrootkit

Running rkhunter showed the following error message-"Invalid SCRIPTWHITELIST configuration option: Non-existent pathname: /usr/bin/lwp-request". A quick search showed that I could get away with it by "commenting" the line…