Rootkit Hunter

aragon
Posts: 1698
Joined: Mon 15 Oct 2007, 12:18
Location: Germany

Rootkit Hunter

#1 Post by aragon »

Homepage: http://www.rootkit.nl/projects/rootkit_hunter.html
Version: 1.3.4
Description

Rootkit scanner

Project information

Rootkit scanner is a scanning tool to ensure you are about 99.9%* clean of nasty tools. This tool scans for rootkits, backdoors and local exploits by running tests like:

- MD5 hash compare
- Look for default files used by rootkits
- Wrong file permissions for binaries
- Look for suspected strings in LKM and KLD modules
- Look for hidden files
- Optional scan within plaintext and binary files

Rootkit Hunter is released as a GPL-licensed project and is free for everyone to use.

* No, not really 99.9%... It's just another security layer.
runtt21 asked for this (http://www.murga-linux.com/puppy/viewtopic.php?t=31489).

Start it in a terminal with 'rkhunter'.

Compiled in Puppy 4.21.

cheers
aragon
Last edited by aragon on Fri 21 Aug 2009, 15:00, edited 1 time in total.
runtt21
Posts: 1649
Joined: Sun 08 Jun 2008, 02:43
Location: BigD Texas

Thank you

#2 Post by runtt21 »

WOW, thank you very much!!!! How did you make it?
aragon
Posts: 1698
Joined: Mon 15 Oct 2007, 12:18
Location: Germany

#3 Post by aragon »

Uploaded actual version, see main post.

aragon
paradj
Posts: 8
Joined: Wed 09 Jun 2010, 12:22

rkhunter and 5.10 (lucid)

#4 Post by paradj »

In this distro most Debian-targeted source installer shell scripts work :roll:
but some get this error:

"$DEB_BUILD_ROOT variable not found."

For rkhunter v1.3.8, this can be fixed using the information here:

http://www.mail-archive.com/rkhunter-us ... 01806.html

In a nutshell, for v1.3.8:

line 176
if [ -n "${DEB_BUILD_ROOT}" ]; then

change to:

if [ -n "${DEB_BUILD_ROOT+x}" ]; then
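To show what the swapped test changes, here is an added example (not code from the rkhunter installer or from the post above): it runs the original non-empty test and the fixed set-ness test over the three states DEB_BUILD_ROOT can be in; the sample path is a constructed value.

```shell
#!/bin/sh
# Added example, not the rkhunter installer's own code: contrast the two tests
# swapped in the post, using the same variable name, DEB_BUILD_ROOT.

# Original installer test: succeeds only when DEB_BUILD_ROOT is set AND non-empty.
nonempty_test() {
    if [ -n "${DEB_BUILD_ROOT}" ]; then echo yes; else echo no; fi
}

# Fixed test: succeeds whenever DEB_BUILD_ROOT is set, even to the empty
# string, because ${VAR+x} expands to "x" when VAR is set and to "" otherwise.
set_test() {
    if [ -n "${DEB_BUILD_ROOT+x}" ]; then echo yes; else echo no; fi
}

# Put DEB_BUILD_ROOT into one of three states: "unset", "empty", or a path.
apply_state() {
    case "$1" in
        unset) unset DEB_BUILD_ROOT ;;
        empty) DEB_BUILD_ROOT= ;;
        *)     DEB_BUILD_ROOT=$1 ;;
    esac
}

# Report both results for the current state as one line, e.g. "no yes"
# (first word: original non-empty test; second word: fixed set-ness test).
report() {
    echo "$(nonempty_test) $(set_test)"
}

# Walk through the three states when the script is run directly;
# /tmp/debroot is a constructed sample path.
for state in unset empty /tmp/debroot; do
    apply_state "$state"
    printf '%-13s nonempty_test=%s set_test=%s\n' "$state" $(report)
done
```

The "empty" row is the one where the two tests disagree: a build environment that exports DEB_BUILD_ROOT with an empty value passes the fixed check but not the original.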
nyunda
Posts: 5
Joined: Tue 12 Apr 2011, 06:11
Location: west java

#5 Post by nyunda »

I'm a newbie, I use Puppy 520, I ran rkhunter -c on rkhunter 1.3.6 & found 1 possible rootkit: Xzibit Rootkit.

Found string 'hdparm' in file '/etc/rc.d/rc.sysinit'. Possible rootkit: Xzibit Rootkit

Is it a rootkit or a false positive?

& is the command rkhunter -c only for checking, or does it also remove?

thanks
nooby
Posts: 10369
Joined: Sun 29 Jun 2008, 19:05
Location: SwedenEurope

#6 Post by nooby »

You use it in Lupu 520 and it is "Compiled in Puppy 4.21".

Could that change something or are such programs immune to such differences?
I use Google Search on Puppy Forum
not an ideal solution though
DPUP5520
Posts: 800
Joined: Wed 16 Feb 2011, 05:38

#7 Post by DPUP5520 »

This was happening with another rootkit hunter that someone else had installed, I believe it was chkrootkit, except the person was being shown about 10 positives instead of just your one. The best and easiest way to see if it is showing a false positive is to check the rootkit it is showing and take a screenshot, then pop in a live CD and boot from that and install and run the program again from there; if it comes out showing the same rootkit then it is a false positive.
PupRescue 2.5: http://www.murga-linux.com/puppy/viewtopic.php?t=69651
Puppy Crypt 528: http://www.murga-linux.com/puppy/viewtopic.php?t=72178