rkhunter (Rootkit Hunter) is a security monitoring tool for POSIX compliant systems. It scans for rootkits, and other possible vulnerabilities.
It does so by searching for the default directories (of rootkits), misconfigured permissions, hidden files, kernel modules containing suspicious strings, and comparing hashes of important files with known good ones.
It is written in Bash, to allow for portability, and can run on most UNIX-based systems.
Install the package.
Prior to running RKH for the first time, You will need to update the file properties database:
$ sudo rkhunter --propupd
The main configuration file is located at:
By default, RKH places logs at:
Seefor a full list of options.
Update file properties db:
$ rkhunter --propupd
Run system check:
$ rkhunter -c, --check
- Update RKH after modifying the configuration file:
## -C is Upper case
- RKH will run all tests without asking for confirmation:
- Verbose Logging: