
Rootkit Hunter

Posted: Fri 18 Jul 2008, 09:27
by aragon
Homepage: http://www.rootkit.nl/projects/rootkit_hunter.html
Version: 1.3.4
Description

Rootkit scanner

Project information

Rootkit scanner is a scanning tool to ensure you for about 99.9%* you're clean of nasty tools. This tool scans for rootkits, backdoors and local exploits by running tests like:

- MD5 hash compare
- Look for default files used by rootkits
- Wrong file permissions for binaries
- Look for suspected strings in LKM and KLD modules
- Look for hidden files
- Optional scan within plaintext and binary files

Rootkit Hunter is released as a GPL licensed project and is free for everyone to use.

* No, not really 99.9%.. It's just another security layer
runtt21 asked for this (http://www.murga-linux.com/puppy/viewtopic.php?t=31489)

Start in a terminal with 'rkhunter'.

Compiled in Puppy 4.21.

cheers
aragon

Thank you

Posted: Fri 18 Jul 2008, 13:23
by runtt21
WOW, thank you very much!!!! How did you make it?

Posted: Fri 21 Aug 2009, 15:01
by aragon
Uploaded actual version, see main post.

aragon

rkhunter and 5.10 (lucid)

Posted: Mon 06 Dec 2010, 15:02
by paradj
In this distro most Debian-targeted source installer shell scripts work :roll:
but some get this error:

"$DEB_BUILD_ROOT variable not found."

For rkhunter v1.3.8, this can be fixed using the information here:

http://www.mail-archive.com/rkhunter-us ... 01806.html

In a nutshell, for v1.3.8:

line 176
if [ -n "${DEB_BUILD_ROOT}" ]; then

change to:

if [ -n "${DEB_BUILD_ROOT+x}" ]; then

Posted: Thu 14 Apr 2011, 18:36
by nyunda
I'm a newbie, I use Puppy 520. I ran rkhunter -c on rkhunter 1.3.6 & found 1 possible rootkit, Xzibit Rootkit.

Found string 'hdparm' in file '/etc/rc.d/rc.sysinit'. Possible rootkit: Xzibit Rootkit

Is it a rootkit or a false positive?

& does the command rkhunter -c only check, or does it remove?

Thanks

Posted: Thu 14 Apr 2011, 19:07
by nooby
You use it in Lupu 520 and it is "Compiled in Puppy 4.21".

Could that change something or are such programs immune to such differences?

Posted: Fri 15 Apr 2011, 13:00
by DPUP5520
This was happening with another rootkit hunter that someone else had installed. I believe it was chkrootkit, except the person was being shown about 10 positives instead of just your one. The best and easiest way to see if it is showing a false positive is to check which rootkit it is showing and take a screenshot, then pop in a live CD, boot from that, and install and run the program again from there. If it comes out showing the same rootkit, then it is a false positive.
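
A way to triage the warning quoted in this thread from a live CD session, as an added example that is not part of any post and not rkhunter's own code: it parses the warning line, lists the lines of the flagged file that contain the string, and compares the file with a copy from trusted media. The function names, mount-point layout and sample startup script are constructed for illustration.

```shell
#!/bin/sh
# Added example: triage an rkhunter "Found string" warning.
# Function names, directory layout and sample file are constructed.

# Split a warning line into "string|file|rootkit"; prints nothing if no match.
parse_warning() {
    printf '%s\n' "$1" | sed -n \
      "s/^Found string '\(.*\)' in file '\(.*\)'\. Possible rootkit: \(.*\)\$/\1|\2|\3/p"
}

# Print "lineno:text" for every line of file $2 containing fixed string $1.
matching_lines() {
    grep -n -F -- "$1" "$2"
}

# Compare the flagged file $1 with a copy $2 taken from trusted media.
compare_with_reference() {
    if cmp -s "$1" "$2"; then echo identical; else echo differs; fi
}

# $1 = warning line, $2 = where the suspect system is mounted,
# $3 = where the trusted reference tree is mounted.
triage() {
    parsed=$(parse_warning "$1")
    [ -n "$parsed" ] || { echo "unrecognised warning" >&2; return 2; }
    str=${parsed%%|*}; rest=${parsed#*|}
    file=${rest%%|*}; kit=${rest#*|}
    echo "signature: $kit"
    echo "lines containing '$str' in $file:"
    matching_lines "$str" "$2$file" | sed 's/^/  /'
    echo "compared with reference copy: $(compare_with_reference "$2$file" "$3$file")"
}

# Build constructed sample trees under directory $1.
make_sample() {
    mkdir -p "$1/sys/etc/rc.d" "$1/ref/etc/rc.d"
    printf '%s\n' '#!/bin/sh' '# constructed sample startup script' \
        'hdparm -d1 /dev/hda' > "$1/ref/etc/rc.d/rc.sysinit"
    cp "$1/ref/etc/rc.d/rc.sysinit" "$1/sys/etc/rc.d/rc.sysinit"
}

# Warning line as quoted in the thread.
WARNING="Found string 'hdparm' in file '/etc/rc.d/rc.sysinit'. Possible rootkit: Xzibit Rootkit"
tmp=$(mktemp -d)
make_sample "$tmp"
triage "$WARNING" "$tmp/sys" "$tmp/ref"
rm -rf "$tmp"
```

An `identical` result shows the flagged string is already present in the trusted copy of the startup script; `differs` means the file has changed and the listed lines need to be read.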