RKHunter (Rootkit Hunter) is a specialized tool for detecting whether a system has been infected by a rootkit. It runs a series of scripts to check the server for signs of infection. According to the official description, RKHunter can do the following:
run MD5 verification tests to check whether files have changed; detect binaries and system tool files used by rootkits; detect Trojan signatures; detect abnormal file attributes on common programs; run system-related tests; detect hidden files; detect suspicious loadable kernel modules (LKM); detect the ports the system is listening on.
The biggest advantage of running rkhunter in a Linux terminal is that each result is shown in color: green means no problem was found, and red means the item needs attention.
Download & install RKHunter
$ tar -xvf rkhunter-1.4.6.tar.gz
$ cd rkhunter-1.4.6/ && ./installer.sh --install
Note: during the check, press Enter after each section finishes to continue to the next one.
This tool helps operations and maintenance staff assess the security status of a server.
$ rkhunter --check
[ Rootkit Hunter version 1.4.6 ]

Checking system commands...

  Performing 'strings' command checks
    Checking 'strings' command                 [ OK ]

  Performing 'shared libraries' checks
    Checking for preloading variables          [ None found ]
    Checking for preloaded libraries           [ None found ]
    Checking LD_LIBRARY_PATH variable          [ Not found ]

  Performing file properties checks
    Checking for prerequisites                 [ Warning ]
    /usr/local/bin/rkhunter                    [ OK ]
    /usr/sbin/adduser                          [ OK ]
    /usr/sbin/chkconfig                        [ OK ]
    /usr/sbin/chroot                           [ OK ]
    /usr/sbin/depmod                           [ OK ]
    /usr/sbin/fsck                             [ OK ]
    /usr/sbin/fuser                            [ OK ]
    /usr/sbin/groupadd                         [ OK ]
    /usr/sbin/groupdel                         [ OK ]
    /usr/sbin/groupmod                         [ OK ]
    /usr/sbin/grpck                            [ OK ]
    /usr/sbin/ifconfig                         [ OK ]
    /usr/sbin/ifdown                           [ Warning ]
    /usr/sbin/ifup                             [ Warning ]
    /usr/sbin/init                             [ OK ]
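The colors only help when someone is watching the terminal, so the following added example (not part of the original article or of RKHunter itself) filters check output like the run above down to the results that need attention. The function names and the set of statuses treated as benign are assumptions made for this example.

```shell
#!/bin/sh
# Added example: list every rkhunter result that is not a known-good status,
# so a run can be reviewed without relying on terminal colors.

# Sample input: abridged from the `rkhunter --check` run shown on this page.
sample_output() {
cat <<'EOF'
[ Rootkit Hunter version 1.4.6 ]
Checking system commands...
  Performing 'strings' command checks
    Checking 'strings' command                 [ OK ]
  Performing 'shared libraries' checks
    Checking for preloading variables          [ None found ]
    Checking LD_LIBRARY_PATH variable          [ Not found ]
  Performing file properties checks
    Checking for prerequisites                 [ Warning ]
    /usr/local/bin/rkhunter                    [ OK ]
    /usr/sbin/ifdown                           [ Warning ]
    /usr/sbin/ifup                             [ Warning ]
    /usr/sbin/init                             [ OK ]
EOF
}

# Reads check output on stdin; prints "group<TAB>item<TAB>status" per finding.
# Assumption: OK / None found / Not found are the benign statuses (the ones
# this page's run shows next to Warning); any other status is surfaced.
rkh_findings() {
    esc=$(printf '\033')
    # Drop ANSI color sequences, which a captured terminal session keeps.
    sed "s/${esc}\[[0-9;]*m//g" | awk '
        BEGIN { OFS = "\t"; group = "-"; ok["OK"]; ok["None found"]; ok["Not found"] }
        { sub(/[ \t]+$/, "") }                       # trim trailing blanks
        /^[ \t]*Performing / {                       # remember the test group
            group = $0; sub(/^[ \t]*Performing /, "", group); next
        }
        match($0, /\[ [A-Za-z ]+ \]$/) {             # line ends in "[ Status ]"
            status = substr($0, RSTART + 2, RLENGTH - 4)
            item = substr($0, 1, RSTART - 1)
            gsub(/^[ \t]+|[ \t]+$/, "", item)
            if (item != "" && !(status in ok)) print group, item, status
        }'
}

# Number of findings; a wrapper script can alert when this is non-zero.
rkh_count() { rkh_findings | grep -c . || true; }

sample_output | rkh_findings
```

On a live system, pipe a real run into the function, for example `rkhunter --check --sk | rkh_findings`; the `--sk` (skip keypress) option removes the Enter prompts between sections.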