RKHunter, or Rootkit Hunter, is a Unix tool that can help you scan for rootkits, backdoors and possible exploits on your system. You’ll feel a lot safer about your system security with this baby. RKHunter was first developed by Michael Boelen, who then passed it on to eight people, and the project was then hosted on SourceForge.
I had the chance to test RKHunter today when I suspected one of my VPS might be planted with rootkits or backdoor scripts. But I felt a lot of relief after RKHunter found no rootkit or backdoor scripts on my system.
RKHunter can scan your entire system by running a series of tests:
- Comparing MD5 hashes
- Searching for suspicious strings in LKM and KLD modules
- Searching for default files used by rootkit tools
- Searching for wrong file permissions on binaries
- Searching for hidden files on your system
- Scanning within plaintext and binary files (optional)
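To make three of these checks concrete (hash comparison against a baseline, wrong file permissions, hidden files), here is an added example in plain shell. It is not RKHunter's own code and not part of the original post; the function names, file names and file contents are assumptions, and it runs only on a constructed temporary directory.

```shell
#!/bin/sh
# Miniature versions of three checks from the list above, run on a constructed
# sandbox. Function names are hypothetical; this is not rkhunter's code.

# Record "md5  path" for every regular file under $1 into baseline file $2.
make_baseline() {
    find "$1" -type f -exec md5sum {} + > "$2"
}

# Print every baselined path whose MD5 no longer matches, or that is missing.
changed_files() {
    while read -r want path; do
        [ -f "$path" ] || { echo "$path"; continue; }
        have=$(md5sum "$path" | cut -d' ' -f1)
        [ "$have" = "$want" ] || echo "$path"
    done < "$1"
}

# Print regular files under $1 that group or other may write to.
loose_permissions() {
    find "$1" -type f \( -perm -020 -o -perm -002 \)
}

# Print dot-files and dot-directories below $1 (not $1 itself).
hidden_entries() {
    find "$1" ! -path "$1" -name '.*'
}

# Build a constructed sandbox with two fake "binaries" and print its path.
make_sandbox() {
    dir=$(mktemp -d) || return 1
    mkdir "$dir/bin"
    printf 'original ls\n' > "$dir/bin/ls"
    printf 'original ps\n' > "$dir/bin/ps"
    chmod 755 "$dir/bin/ls" "$dir/bin/ps"
    echo "$dir"
}

box=$(make_sandbox)
make_baseline "$box/bin" "$box/baseline.md5"
# Constructed changes: modified file, loosened mode, new hidden file.
printf 'modified ps\n' > "$box/bin/ps"
chmod 777 "$box/bin/ls"
: > "$box/bin/.cache"
echo "changed:"; changed_files "$box/baseline.md5"
echo "loose permissions:"; loose_permissions "$box/bin"
echo "hidden:"; hidden_entries "$box/bin"
rm -rf "$box"
```

The baseline is only as trustworthy as the moment it was taken and the place it is stored, so record it on a known-clean system and keep it somewhere the scanned host cannot rewrite.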
This tool currently supports most Linux and BSD distributions (NetBSD is unsupported). It’s a dangerous world out there and RKHunter can make you feel much safer.