Feisty & rkhunter

It’s always good to do a regular rootkit checkup on your system. A nice tool for doing so is rkhunter.

1.1) What is Rootkit Hunter?
Rootkit Hunter (RKH) is an easy-to-use tool which checks
computers running UNIX (clones) for the presence of rootkits
and other unwanted tools.
1.2) What are rootkits?
Most times they are self-hiding toolkits used by blackhats,
crackers and scriptkiddies, to avoid the eye of the sysadmin.

Installing rkhunter (through apt)

sudo apt-get install rkhunter

Running a rkhunter report

rkhunter --checkall

The most common “errors” you’ll encounter with Feisty will be for the following files:

/dev/.static
/dev/.udev
/dev/.initramfs

You can have rkhunter ignore these by adding ALLOWHIDDENDIR entries to your rkhunter.conf file.

kvaes@ubuntu:~$ grep -i allowhidden /etc/rkhunter.conf
# One directory per line (use multiple ALLOWHIDDENDIR lines)
ALLOWHIDDENDIR=/dev/.static
ALLOWHIDDENDIR=/dev/.initramfs
ALLOWHIDDENDIR=/dev/.initramfs-tools
ALLOWHIDDENFILE=/etc/.pwd.lock
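
To see which of the flagged paths still lack an entry, the script below compares a list of paths against the active ALLOWHIDDENDIR lines in a config file. It is an added example, not part of the original post or of rkhunter; the function names and the sample config are constructed, and it assumes one path per ALLOWHIDDENDIR line.

```shell
#!/bin/sh
# Added example (not from the original post).
# Assumes one path per ALLOWHIDDENDIR line, as the config comment describes.

# Print the active (uncommented) ALLOWHIDDENDIR values found in config file $1.
allowed_hidden_dirs() {
    sed -n 's/^[[:space:]]*ALLOWHIDDENDIR=[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*$/\1/p' "$1" |
        tr -d '"'
}

# Print every path in $2... that has no exact ALLOWHIDDENDIR entry in config $1.
missing_allowhidden() {
    cfg=$1
    shift
    for p in "$@"; do
        allowed_hidden_dirs "$cfg" | grep -Fxq -- "$p" || printf '%s\n' "$p"
    done
}

# Constructed sample config, modelled on the grep output in the post, plus one
# commented-out line to show that comments are not counted as entries.
make_sample_conf() {
    f=$(mktemp) || return 1
    cat > "$f" <<'EOF'
# One directory per line (use multiple ALLOWHIDDENDIR lines)
ALLOWHIDDENDIR=/dev/.static
#ALLOWHIDDENDIR=/dev/.udev
ALLOWHIDDENDIR=/dev/.initramfs
ALLOWHIDDENDIR=/dev/.initramfs-tools
ALLOWHIDDENFILE=/etc/.pwd.lock
EOF
    printf '%s\n' "$f"
}

# The three paths the post lists as common warnings on Feisty.
sample=$(make_sample_conf)
missing_allowhidden "$sample" /dev/.static /dev/.udev /dev/.initramfs   # prints /dev/.udev
rm -f "$sample"
```

Pointed at /etc/rkhunter.conf instead of the sample, it lists the paths that would still be reported. An ALLOWHIDDENDIR entry silences the hidden-directory warning for that path from then on, so look at the directory's contents before adding one.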
