Author |
Message |
aragon
Joined: 15 Oct 2007 Posts: 1698 Location: Germany
|
Posted: Fri 18 Jul 2008, 05:27 Post subject:
Rootkit Hunter |
|
Homepage: http://www.rootkit.nl/projects/rootkit_hunter.html
Version: 1.3.4
Quote: |
Description
Rootkit scanner
Project information
Rootkit scanner is scanning tool to ensure you for about 99.9%* you're clean of nasty tools. This tool scans for rootkits, backdoors and local exploits by running tests like:
- MD5 hash compare
- Look for default files used by rootkits
- Wrong file permissions for binaries
- Look for suspected strings in LKM and KLD modules
- Look for hidden files
- Optional scan within plaintext and binary files
Rootkit Hunter is released as GPL licensed project and free for everyone to use.
* No, not really 99.9%.. It's just another security layer
|
runtt21 asked for this (http://www.murga-linux.com/puppy/viewtopic.php?t=31489)
start in a terminal with 'rkhunter' .
Compiled in Puppy 4.21.
cheers
aragon
_________________ PUPPY SEARCH: http://wellminded.com/puppy/pupsearch.html
Last edited by aragon on Fri 21 Aug 2009, 11:00; edited 1 time in total
|
Back to top
|
|
 |
runtt21

Joined: 07 Jun 2008 Posts: 1651 Location: BigD Texas
|
Posted: Fri 18 Jul 2008, 09:23 Post subject:
Thank you |
|
WOW,Thank you very much!!!! How did you make it?
|
Back to top
|
|
 |
aragon
Joined: 15 Oct 2007 Posts: 1698 Location: Germany
|
Posted: Fri 21 Aug 2009, 11:01 Post subject:
|
|
uploaded actual version, see main post.
aragon
_________________ PUPPY SEARCH: http://wellminded.com/puppy/pupsearch.html
|
Back to top
|
|
 |
paradj

Joined: 09 Jun 2010 Posts: 8
|
Posted: Mon 06 Dec 2010, 11:02 Post subject:
rkhunter and 5.10 (lucid) Subject description: using sourceforge installer tar.gz |
|
in this distro most debian-targeted source installer shell scripts work
but some get this error"
"$DEB_BUILD_ROOT variable not found."
for rkhunter v1.3.8, this can be fixed using the information here:
http://www.mail-archive.com/rkhunter-users@lists.sourceforge.net/msg01806.html
in a nutshell for v1.3.8
line 176
if [ -n "${DEB_BUILD_ROOT}" ]; then
change to:
if [ -n "$DEB_BUILD_ROOT+x}" ]; then
|
Back to top
|
|
 |
nyunda
Joined: 12 Apr 2011 Posts: 5 Location: west java
|
Posted: Thu 14 Apr 2011, 14:36 Post subject:
|
|
im newbie, i use puppy 520, i run rkhunter -c on rkhunter 1.3.6 & find 1 possible rootkit Xzibit Rootkit.
Found string 'hdparm' in file '/etc/rc.d/rc.sysinit'. Possible rootkit: Xzibit Rootkit
its rootkit or false positive?
& command rkhunter -c is only for check or remove?
thanks
|
Back to top
|
|
 |
nooby
Joined: 29 Jun 2008 Posts: 10548 Location: SwedenEurope
|
Posted: Thu 14 Apr 2011, 15:07 Post subject:
|
|
You use it in Lupu 520 and it is " Compiled in Puppy 4.21"
Could that change something or are such programs immune to such differences?
_________________ I use Google Search on Puppy Forum
not an ideal solution though
|
Back to top
|
|
 |
DPUP5520
Joined: 16 Feb 2011 Posts: 813
|
Posted: Fri 15 Apr 2011, 09:00 Post subject:
|
|
This was happening with another rootkit hunter that someone else had installed, i believe it was chrootkit, except the person was being shown about 10 positives instead of just your one. The best and easiet way to see if it is showing a false positive is to check rootkit it is showing and take a screenshot and then pop in a live cd and boot from that and install and run the program again from there, if it comes out showing the same rootkit than it is a false positive.
_________________ PupRescue 2.5
Puppy Crypt 528
|
Back to top
|
|
 |
|