What is Rootkit Hunter ?

Rootkit Hunter or better known as rkhunter is a scanning tool. It helps you to scan out many exploits like backdoors, common exploits like – E-mail injection, Buffer overflows, format string bugs, and rootkits where the name originates from. Rkhunter is a UNIX based tool. The way of working, for rkhunter goes like that it compares SHA-1 hashes for important files with the known good files in an online database. It searches for hidden files, doubtful strings in kernel modules, default directories for rootkits, Optional scan within plain text and binary files. It also performs special tests for FreeBSD and Linux. By performing these tasks, Rootkit Hunter ensures that your system is about 99% free from many kind of nasty tools.

Rootkit Hunter supports most of the Linux distributions like CentOS, Fedora, Ubuntu and Redhat. BSD distributions from BSD 4 to BSD 8 all are supported by Rootkit Hunter. Current version of BSD which is supported by rkhunter is NetBSD.

Rootkit Hunter is tested on following operating systems:

1. Macintosh OS
2. Red Hat Linux
3. Red Hat Enterprise Linux
4. Conectiva Linux
5. Aurora Linux
6. Yellow Dog Linux
7. Solaris (SunOS)
8. Fedora Core

Except the above systems, rkhunter is confirmed to work on:

– VectorLinux SOHO 3.2 / 4.0
– PCLinuxOS
– DaNix (Debian clone)
– Virtuozzo (VPS)

As per the requirements, it only needs two things; First, one is Bourne Again Shell (BASH) a free software Unix Shell exclusively for GNU Project. Second, is an Operating System Compatible with rkhunter. In 2006 initiator and developer of Rootkit Hunter Michael Boelen agreed to hand over the development. As from that time, the development is between eight people. They have been working to set up the Project properly and working towards the maintenance release. The Project is now moved to SourceForge.

Types of RootKit it works on are as follows:
– Application level
– Kernel Level
– Hypervisor level
– Library Level
– Hardware/Firmware level

Powered by BetterDocs