There's been a lot of talk lately about rootkits, thanks to Sony's stupidity, & Linux users may have been
laughing at their Windows brethren. However, there are rootkits in the Linux world … just not from Sony. Rkhunter
hunts down rootkits, so it's a good thing to install & set up with a cron job that scans your machine
every night. If you're using Debian, just run apt-get install rkhunter. If you're not using Debian,
download the file from
http://www.rootkit.nl/projects/rootkit_hunter.html
(scroll down to the Downloads section), then install it like this (I'm using Kubuntu, so I use sudo;
everyone else should su to root):
tar zxvf rkhunter-1.2.7.tar.gz
cd rkhunter
sudo ./installer.sh
It'll install, & then you should update rkhunter's database:
sudo rkhunter --update
At that point, run it:
sudo rkhunter --checkall
You're going to notice that you have to press Enter often, which is annoying. Better to run this way, which suppresses the need to press Enter constantly:
sudo rkhunter --checkall --cronjob
If you only want to see warnings, and not line after line of OK, use this:
sudo rkhunter --checkall --cronjob --report-warnings-only
If I were running it as a cronjob, I'd use a command like this (one line):
sudo rkhunter --versioncheck && sudo rkhunter --update && sudo rkhunter --checkall --cronjob --report-warnings-only > /tmp/rkhunter_output && kedit /tmp/rkhunter_output
This checks the version of rkhunter, updates it, runs it, writes the output to a tmp file, & then opens that tmp file in a text editor so you see it every morning when you sit down. Pretty cool, eh?
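A nightly wrapper built around the same flags, added here as an example; it is not code from the post or from the rkhunter project. It assumes rkhunter prefixes each finding with "Warning:" and that the script lives at /usr/local/sbin/rkhunter-nightly (an assumed path). Unlike the one-liner above, it logs to a root-owned directory rather than a predictable name under /tmp, still scans when the update step fails, and exits non-zero only when there are findings, so cron's mail carries just the warnings.

```shell
#!/bin/sh
# Nightly rkhunter wrapper. Added example, not code from the post or from
# rkhunter itself. Assumptions: rkhunter accepts the flags the post uses
# (--update, --checkall, --cronjob, --report-warnings-only) and prefixes
# each finding with "Warning:"; paths below are placeholders.
RKHUNTER="${RKHUNTER:-rkhunter}"
# Root-owned log directory instead of a predictable, world-writable /tmp name.
LOGDIR="${LOGDIR:-/var/log/rkhunter}"

# Number of "Warning:" lines in a saved report (0 if none or no such file).
count_warnings() {
    n=$(grep -c '^Warning:' "$1" 2>/dev/null || :)
    echo "${n:-0}"
}

# Only the findings, one per line, for the mail cron sends.
extract_warnings() {
    grep '^Warning:' "$1" 2>/dev/null || :
}

# Verdict for cron/monitoring: 0 = clean, 2 = warnings found, 3 = no report.
report_status() {
    [ -s "$1" ] || return 3
    [ "$(count_warnings "$1")" -eq 0 ] && return 0
    return 2
}

# Same steps as the post's command, but a failed update (e.g. no network)
# is logged as a warning instead of silently skipping the scan.
nightly_scan() {
    report="$LOGDIR/rkhunter-$(date +%Y%m%d).log"
    mkdir -p "$LOGDIR" && chmod 700 "$LOGDIR"
    {
        echo "# rkhunter nightly scan started $(date -u +%Y-%m-%dT%H:%M:%SZ)"
        "$RKHUNTER" --update || echo "Warning: rkhunter --update failed"
        "$RKHUNTER" --checkall --cronjob --report-warnings-only
    } > "$report" 2>&1
    rc=0
    report_status "$report" || rc=$?
    # Print findings only, so cron mail (and the exit code) carry the signal.
    [ "$rc" -eq 2 ] && extract_warnings "$report"
    return "$rc"
}

# Root crontab entry (assumed install path): 0 3 * * * /usr/local/sbin/rkhunter-nightly run
case "${1:-}" in
    run) nightly_scan ;;
esac
```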
Documentation is located at /usr/local/rkhunter/lib/rkhunter/docs, if you need it.