How to Scan for Rootkits, Backdoors and Exploits Using ‘Rootkit Hunter’ in Linux

Ravi Saive

I am Ravi Saive, creator of TecMint. A computer geek and Linux guru who loves to share tricks and tips on the Internet. Most of my servers run on the open source platform called Linux.

45 Responses

  1. Khairul Harris says:

    To install rkhunter on my Fedora, I don’t have to download the rkhunter installer, but I executed the following command: $ sudo dnf install rkhunter-1.4.2-11.fc24.noarch

    • Ravi Saive says:

      @Khairul,

      Thanks for sharing the tip. That means rkhunter is included in the recent version of the Fedora repositories. That’s good to know; at least we can keep it updated via the dnf package manager.

  2. Paras says:

    I have a specific requirement. I want to configure rkit runner, but my requirement is for a remote Windows machine within the same network to be checked via rkit runner that is installed on a Linux box under the same network. Is it feasible to attain?

  3. Kevin M says:

    Thanks for all that you do Ravi, so I followed your instructions and when I got to the last run of step 2 I get a permission denied instead of the sample output you indicated. What might be wrong?

    • Ravi Saive says:

      @Kevin,

      Thanks for appreciating my work. Regarding your problem, you should be the root or a sudo user to execute those commands shown in Step 2.

      • Kevin M says:

        Thanks, yes I am logged in as root and have also tried sudo but it failed. I went ahead and purchased the paid version from Admin Ahead and there we discovered a major issue with the server. Need to fix that in order to proceed, thanks again for all your help.

  4. Jerald Sabu M says:

    Hi,

    Is it possible to monitor changes of a custom file in rkhunter?
    Suppose I want to monitor if the “/etc/hosts” file has changed. How do I track that?

    • Ravi Saive says:

      @Jerald,

      I think it’s possible. You can find the option for tracking a single file in the manual page of Rkhunter, or run:

      # man rkhunter
      
  5. Minhaj says:

    Very helpful and easy-to-follow instructions. Clean and clear to say. Thanks a lot, Mr. Ravi ji.

  6. Sacha Muller says:

    Hi,
    Thanks for your nice job, even a newcomer on Linux like me found it easy to follow.
    Keep on this excellent track.
    Best Regards,
    Sacha

    • Ravi Saive says:

      @Sacha,

      Thanks for liking our article. Yes, we always make sure that each article is simple to follow for newbies.

  7. Jalal Hajigholamali says:

    Hi,

    Thanks a lot for very useful and nice article

  8. Andy F says:

    When I run /usr/local/bin/rkhunter --cronjob --report-warnings-only I get a bunch of warnings about executables being replaced by perl scripts. What is that? It makes me nervous because I have to run rkhunter as root. What is it doing? Are these false positives? This is the warning: Warning: The command ‘/usr/sbin/adduser’ has been replaced by a script: /usr/sbin/adduser: Perl script, ASCII text executable

  9. Ruben Veiga says:

    Can I use it to see rootkits on other machines?
