How to Scan for Rootkits, backdoors and Exploits Using ‘Rootkit Hunter’ in Linux

If You Appreciate What We Do Here On TecMint, You Should Consider:

  1. Stay Connected to: Twitter | Facebook | Google Plus
  2. Subscribe to our email updates: Sign Up Now
  3. Get your own self-hosted blog with a Free Domain at ($3.95/month).
  4. Become a Supporter - Make a contribution via PayPal
  5. Support us by purchasing our premium books in PDF format.
  6. Support us by taking our online Linux courses

We are thankful for your never ending support.

Ravi Saive

I am Ravi Saive, creator of TecMint. A Computer Geek and Linux Guru who loves to share tricks and tips on Internet. Most Of My Servers runs on Open Source Platform called Linux. Follow Me: Twitter, Facebook and Google+

Your name can also be listed here. Got a tip? Submit it here to become an TecMint author.

RedHat RHCE and RHCSA Certification Book
Linux Foundation LFCS and LFCE Certification Preparation Guide

You may also like...

46 Responses

  1. Fake says: (website looks legit and email OK)
    Did you check this one? I have problems with importing the key. I also have to cut down on screen time.

  2. Khairul Harris says:

    To install rkhunter on my Fedora, I don’t have to dowload rkhunter installer but I executed the following command : $ sudo dnf install rkhunter-1.4.2-11.fc24.noarch .

    • Ravi Saive says:


      Thanks for sharing the tip, that means rkhunter included in the recent version of Fedora repositories, that’s good to know, at least we can keep it updated via dnf package manager..

  3. Paras says:

    I have a specific requirement. I want to configure rkit runner but my requirement is to check remote windows machine within the same network to be checked via rkit runner that is installed in a Linux box under the same network.Is it feasible to attain?

  4. Kevin M says:

    Thanks for all that you do Ravi, so I followed your instructions and when I got to the last run of step 2 I get a permission denied instead of the sample output you indicated. What might be wrong?

    • Ravi Saive says:


      Thanks for appreciating my work, regarding your problem, you should be root or sudo users to execute those commands shown in Step 2.

      • Kevin M says:

        Thanks, yes I am logged in as root and have also tried sudo but it failed. I went ahead and purchased the paid version from Admin Ahead and there we discovered a major issue with the server. Need to fix that in order to proceed, thanks again for all your help.

  5. Jerald Sabu M says:


    Is it possible to monitor changes of a custom file in rkhunter ?
    Suppose if I want to monitor if “/etc/hosts file” has changed. How do i track that ?

    • Ravi Saive says:


      I think it’s possible, you can find the option for tracking single file in manual page of Rkhunter or run:

      # man rkhunter
  6. Minhaj says:

    very help full and easy to follow instructions. clean and clear to say. Thanks a lot Mr. Ravi ji.

  7. Sacha Muller says:

    Thanks for your nice job, even a newcomer on Linux like me found it easy to follow.
    Keep on this excellent track.
    Best Regards,

    • Ravi Saive says:


      Thanks for liking our article, yes we always make sure that each article is simple to follow for newbies..

  8. Jalal Hajigholamali says:


    Thanks a lot for very useful and nice article

  9. Andy F says:

    When I run /usr/local/bin/rkhunter –cronjob –report-warnings-only I get a bunch of warnings about executables being replaced by perl scripts. What is that? It makes me nervous because I have to run rkhunter as root. What is it doing? Are these false positives? This is the warning: Warning: The command ‘/usr/sbin/adduser’ has been replaced by a script: /usr/sbin/adduser: Perl script, ASCII text executable

  10. Ruben Veiga says:

    Can i use it to see rootkit on other machines??

Got something to say? Join the discussion.

Your email address will not be published. Required fields are marked *

Join Over 300K+ Linux Users
  1. 257,757
  2. 11,967
  3. 39,682

Are you subscribed?