

Chkrootkit or Check Rootkit is a common open source tool used for scanning for rootkits, botnets, malware, etc. This tool is pre-installed in BackTrack 5 under Anti-Virus Forensic Tools.

To install chkrootkit on an Ubuntu or Debian based distro, you can just type:

To start checking for possible rootkits and backdoors in your system, type the command:

Here are other options you can use after issuing the command sudo chkrootkit -h:

  -e                   exclude known false positive files/dirs, quoted, space separated, READ WARNING IN README
  -p dir1:dir2:dirN    path for the external commands used by chkrootkit

Rootkit hunter or rkhunter is an Open Source General Public License (GPL) rootkit scanner similar to chkrootkit, and it is also pre-installed in BackTrack 5 under Anti-Virus Forensic Tools. It scans for rootkits, backdoors and local exploits by running tests such as MD5 hash comparison, checks for default files used by rootkits, wrong file permissions on binaries, suspicious strings in LKM and KLD modules, hidden files, and an optional scan within plaintext and binary files.

To install rkhunter on an Ubuntu or Debian based distro, you can just type:

To start the scanning in your file system, type the command:

And if you want to check for updates, issue the command:

After rkhunter has finished scanning your file system, all the results are logged at /var/log/rkhunter.log.

Here are other useful options for rkhunter as shown in the -h flag:

  --append-log                   Append to the logfile, do not overwrite
  --bindir …                     Use the specified command directories
  -C, --config-check             Check the configuration file(s), then exit
  --cs2, --color-set2            Use the second color set for output
  --configfile                   Use the specified configuration file
  --dbdir                        Use the specified database directory
  --display-logfile              Display the logfile at the end
  --propupd                      … or just for the specified entries
  --rwo, --report-warnings-only  Show only warning messages
  -r, --rootdir                  Use the specified root directory
  --sk, --skip-keypress          Don't wait for a keypress after each test
  --summary                      Show the summary of system check result
  --syslog                       Log the check start and finish times to syslog
  --tmpdir                       Use the specified temporary directory
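A small triage helper for the /var/log/rkhunter.log results file described in this article, added here as an example; it is not part of the original article or of rkhunter itself. It assumes log lines of the form "[HH:MM:SS] text" with findings prefixed "Warning:" and indented detail lines after them; the sample log, function names and allowlist entries are constructed for illustration.

```python
import re

# Assumption: rkhunter log lines look like "[HH:MM:SS] text".
# SAMPLE_LOG is constructed for this example, not captured from a real scan.
SAMPLE_LOG = """\
[10:15:01] Info: Starting test name 'properties'
[10:15:02]   /usr/bin/awk                                    [ OK ]
[10:15:02]   /usr/bin/lwp-request                            [ Warning ]
[10:15:02] Warning: The command '/usr/bin/lwp-request' has been replaced by a script
[10:15:40] Checking for hidden files and directories         [ Warning ]
[10:15:40] Warning: Hidden directory found: /etc/.java
[10:16:03] Warning: The file properties have changed:
[10:16:03]          File: /usr/bin/curl
[10:16:03]          Current inode: 131234    Stored inode: 131001
[10:16:05] Info: End date is Mon Jan  1 10:16:05 UTC 2024
"""

LINE = re.compile(r"^\[(\d\d:\d\d:\d\d)\] ?(.*)$")
STATUS = re.compile(r"\[ [A-Za-z ]+ \]\s*$")  # trailing "[ OK ]" / "[ Warning ]"

def parse_warnings(text):
    """Return one dict per 'Warning:' entry, with its indented detail lines."""
    warnings, current = [], None
    for raw in text.splitlines():
        m = LINE.match(raw)
        stamp, body = m.groups() if m else ("", "")
        if body.startswith("Warning: "):
            current = {"time": stamp, "message": body[9:], "details": []}
            warnings.append(current)
        elif current is not None and body.startswith(" ") and not STATUS.search(body):
            # Indented line right after a warning: extra detail for that warning.
            current["details"].append(body.strip())
        else:
            current = None  # any other line ends the current warning block
    return warnings

def unreviewed(warnings, allowlist):
    """Drop warnings that mention a path already reviewed and accepted."""
    keep = []
    for w in warnings:
        text = " ".join([w["message"]] + w["details"])
        if not any(entry in text for entry in allowlist):
            keep.append(w)
    return keep

if __name__ == "__main__":
    for w in unreviewed(parse_warnings(SAMPLE_LOG), ["/etc/.java"]):
        print(w["time"], w["message"], *w["details"], sep="\n    ")
```

Anything left after the allowlist filter is a finding that has not yet been reviewed and should be checked by hand before it is added to the list.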
