Latest revision as of 20:46, 5 May 2006
rootkit-hunter
On Debian:
apt-cache show rkhunter
<pre>
Package: rkhunter
Priority: optional
Section: admin
Installed-Size: 476
Maintainer: Micah Anderson <micah@debian.org>
Architecture: all
Version: 1.2.8-3
Depends: wget, file, mailx, perl, debconf (>= 0.5) | debconf-2.0
Recommends: libmd5-perl
Filename: pool/main/r/rkhunter/rkhunter_1.2.8-3_all.deb
Size: 114020
MD5sum: 5d9a4a118a2e45ea09521500babc0794
Description: rootkit, backdoor, sniffer and exploit scanner
 Rootkit Hunter scans your system for known and unknown rootkits,
 backdoors, sniffers and exploits.
 .
 Some of the tests it does:
  - MD5 hash compare
  - Look for default files used by rootkits
  - Wrong file permissions for binaries
  - Look for suspected strings in LKM and KLD modules
  - Look for hidden files
  - Optional scan within plaintext and binary files
 .
 Please note that rkhunter does *not* guarantee your system has
 not been compromised! You should also run additional tests, e.g. using
 chkrootkit and other measures.
</pre>
=== Valid parameters ===
<pre>
--checkall (-c)           : Check system
--createlogfile*          : Create logfile
--cronjob                 : Run as cronjob (removes colored layout)
--display-logfile         : Show logfile at end of the output
--help (-h)               : Show this help
--nocolors*               : Don't use colors for output
--report-mode*            : Don't show uninteresting information for reports
--report-warnings-only*   : Show only warnings (lesser output than --report-mode,
                            more than --quiet)
--skip-application-check* : Don't run application version checks
--skip-keypress*          : Don't wait after every test (non-interactive)
--quick*                  : Perform quick scan (instead of full scan)
--quiet*                  : Be quiet (only show warnings)
--update                  : Run update tool and check for database updates
--version                 : Show version and quit
--versioncheck            : Check for latest version

--bindir <bindir>*        : Use <bindir> instead of using default binaries
--configfile <file>*      : Use different configuration file
--dbdir <dir>*            : Use <dbdir> as database directory
--rootdir <rootdir>*      : Use <rootdir> instead of / (slash at end)
--tmpdir <tempdir>*       : Use <tempdir> as temporary directory

Explicit scan options:
--allow-ssh-root-user*    : Allow usage of SSH root user login
--disable-md5-check*      : Disable MD5 checks
--disable-passwd-check*   : Disable passwd/group checks
--scan-knownbad-files*    : Perform besides 'known good' check a 'known bad' check

Multiple parameters are allowed
*) Parameter can only be used with other parameters
</pre>
apt-get install rkhunter
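An unattended run built from the parameters listed above, as an added example (not part of the original wiki page or of rkhunter itself). The variables RKHUNTER_BIN, MAILER and MAILTO, the script path in the cron comment and the --run switch are names made up for this wrapper; it mails a report only when the scan printed something or a run failed.

```shell
#!/bin/sh
# Added example: unattended rkhunter run using only flags from the help text above.
# RKHUNTER_BIN, MAILER and MAILTO are knobs of this wrapper (hypothetical names),
# not rkhunter options.
RKHUNTER_BIN="${RKHUNTER_BIN:-rkhunter}"
MAILER="${MAILER:-mail}"    # mailx is listed under Depends: in the package record
MAILTO="${MAILTO:-root}"

# Update the databases, then run the full check. The starred flags only modify a
# run, so they are combined with --checkall here.
run_check() {
    report=$(
        "$RKHUNTER_BIN" --update >/dev/null 2>&1 \
            || echo "rkhunter --update failed"
        "$RKHUNTER_BIN" --checkall --cronjob --skip-keypress \
            --report-warnings-only 2>&1 \
            || echo "rkhunter exited with status $?"
    )
    # Nothing printed and no failed run: nothing to report.
    if [ -z "$report" ]; then
        return 0
    fi
    # Send whatever was reported to the administrator and signal it to the caller.
    printf '%s\n' "$report" |
        "$MAILER" -s "rkhunter warnings on $(uname -n)" "$MAILTO"
    return 1
}

# Only scan when asked to, e.g. from a cron entry (path is a placeholder):
#   0 4 * * * /usr/local/sbin/rkhunter-cron.sh --run
case "${1:-}" in
    --run) run_check ;;
esac
```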