RKHunter, a Linux security detection tool

About RKHunter

RKHunter (Rootkit Hunter) is a dedicated tool for detecting whether a system has been infected with a rootkit. It runs a series of scripted checks to determine whether the server shows signs of rootkit infection. According to the official documentation, RKHunter performs the following checks: MD5 hash verification, to detect whether files have been modified;

detecting binaries and system tool files used by rootkits; detecting Trojan signatures; detecting anomalies in the file attributes of common programs; running system-related tests; detecting hidden files; detecting suspicious kernel modules (LKMs); and detecting the ports the system has started listening on.

The biggest advantage of running rkhunter in a Linux terminal is that each result is color-coded: green means no problem was found, while red marks a result that needs attention.

Download & install RKHunter
https://sourceforge.net/projects/rkhunter/

$ tar -xvf rkhunter-1.4.6.tar.gz

$ cd rkhunter-1.4.6/ && ./installer.sh --install


Start testing

Note: during a check, rkhunter pauses after each section and you need to press Enter to continue.
This tool helps operations and maintenance staff assess the security status of a server.

$ rkhunter --check 

[ Rootkit Hunter version 1.4.6 ]

Checking system commands...

  Performing 'strings' command checks
    Checking 'strings' command                               [ OK ]

  Performing 'shared libraries' checks
    Checking for preloading variables                        [ None found ]
    Checking for preloaded libraries                         [ None found ]
    Checking LD_LIBRARY_PATH variable                        [ Not found ]

  Performing file properties checks
    Checking for prerequisites                               [ Warning ]
    /usr/local/bin/rkhunter                                  [ OK ]
    /usr/sbin/adduser                                        [ OK ]
    /usr/sbin/chkconfig                                      [ OK ]
    /usr/sbin/chroot                                         [ OK ]
    /usr/sbin/depmod                                         [ OK ]
    /usr/sbin/fsck                                           [ OK ]
    /usr/sbin/fuser                                          [ OK ]
    /usr/sbin/groupadd                                       [ OK ]
    /usr/sbin/groupdel                                       [ OK ]
    /usr/sbin/groupmod                                       [ OK ]
    /usr/sbin/grpck                                          [ OK ]
    /usr/sbin/ifconfig                                       [ OK ]
    /usr/sbin/ifdown                                         [ Warning ]
    /usr/sbin/ifup                                           [ Warning ]
    /usr/sbin/init                                           [ OK ]
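As an added example (not part of the original post or of rkhunter itself), the Python script below parses the `[ status ]` lines from a check run like the one above, counts results per status and lists every check that came back as Warning, so that a scheduled run can be triaged without reading the colored terminal output. The sample text is an excerpt of the output shown above; the regex shapes are assumptions derived from that format, and in practice you would feed it the saved output of `rkhunter --check --sk` (skip the keypress prompts) or rkhunter's log file (`/var/log/rkhunter.log` by default).

```python
import re
from collections import Counter

# Constructed sample: an excerpt of the `rkhunter --check` output shown on this page.
SAMPLE = """\
  Performing 'strings' command checks
    Checking 'strings' command                               [ OK ]

  Performing 'shared libraries' checks
    Checking for preloading variables                        [ None found ]
    Checking for preloaded libraries                         [ None found ]
    Checking LD_LIBRARY_PATH variable                        [ Not found ]

  Performing file properties checks
    Checking for prerequisites                               [ Warning ]
    /usr/local/bin/rkhunter                                  [ OK ]
    /usr/sbin/adduser                                        [ OK ]
    /usr/sbin/ifdown                                         [ Warning ]
    /usr/sbin/ifup                                           [ Warning ]
    /usr/sbin/init                                           [ OK ]
"""

# Assumed format: section headers are indented two spaces; result lines end in "[ status ]".
SECTION_RE = re.compile(r"^\s{2}Performing (.+?)(?: checks)?$")
RESULT_RE = re.compile(r"^\s+(?:Checking )?(.+?)\s{2,}\[ (.+?) \]\s*$")


def parse_results(text):
    """Return (section, check, status) triples in output order."""
    section, results = None, []
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)  # remember which check group we are in
            continue
        m = RESULT_RE.match(line)
        if m:
            results.append((section, m.group(1), m.group(2)))
    return results


def summarize(results):
    """Count results per status and collect the checks flagged as Warning."""
    counts = Counter(status for _, _, status in results)
    warnings = [(sec, chk) for sec, chk, status in results if status == "Warning"]
    return dict(counts), warnings


if __name__ == "__main__":
    counts, warnings = summarize(parse_results(SAMPLE))
    print(counts, *[f"WARNING in {s}: {c}" for s, c in warnings], sep="\n")
```

A Warning on a path such as /usr/sbin/ifdown means the file's recorded properties no longer match; the next step is to confirm against the package manager whether a legitimate update explains the change before updating rkhunter's baseline.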

Tags: Linux

Posted on Fri, 29 Nov 2019 23:00:36 -0800 by adamking217