Rkhunter: Detection of rootkits and malware
Introduction
Rkhunter (Rootkit Hunter) is a Unix program that detects rootkits, backdoors, and exploits. It works by comparing the MD5 hashes of important system files against known-good hashes from an online database. It also checks directory permissions, looks for hidden files and for suspicious strings in the kernel, and runs tests specific to Linux and FreeBSD.
However, it is worth noting that since 2005 it has been known that distinct files with the same MD5 hash (a collision) can be constructed, because MD5 is not collision resistant; a matching MD5 hash is therefore not by itself proof that a file is unmodified.
Installation
To install Rkhunter, visit the website https://www.rootkit.nl/ or install it on Debian with:
apt-get install rkhunter
Configuration
The advantage of this software is that there is nothing to configure: after installation it sets itself up to run daily and sends an email alert when it detects problems. You may see MD5 warnings after package updates or other legitimate changes to system files. To resolve this, update rkhunter:
rkhunter --update
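The hash-database comparison described in the introduction, and the kind of mismatch warning the configuration section says you may see after an update, as an added example that is not rkhunter's own code: a minimal baseline-and-verify integrity check written for this page. It assumes a POSIX shell with coreutils (sha256sum, cut, mktemp); sha256sum is used instead of md5sum because of the MD5 collision caveat above. The file names, contents and the "modified binary" scenario are constructed for the demo.

```shell
#!/bin/sh
# Added example, not rkhunter's own code: a minimal file-integrity checker
# that works the way the hash comparison described above does. A baseline of
# known-good hashes is stored in a small database file; later runs re-hash
# the same files and warn about any mismatch. sha256sum is used instead of
# md5sum because MD5 collisions can be constructed.

HASH_CMD=${HASH_CMD:-sha256sum}   # assumption: coreutils sha256sum is available

# baseline_create DB FILE...  : record "<hash>  <path>" for each FILE in DB.
baseline_create() {
    db=$1
    shift
    : > "$db"
    for f in "$@"; do
        $HASH_CMD "$f" >> "$db"
    done
}

# baseline_verify DB : re-hash every path listed in DB. Prints a WARNING line
# for each changed or missing file and returns the mismatch count
# (0 means every file still matches its recorded hash; counts above 255
# wrap in a shell exit status, which is fine for a demo).
baseline_verify() {
    db=$1
    bad=0
    while read -r expected path; do
        # The pipe keeps a missing file from aborting the loop under set -e;
        # a missing file simply yields an empty hash and is reported.
        actual=$($HASH_CMD "$path" 2>/dev/null | cut -d' ' -f1)
        if [ "$actual" != "$expected" ]; then
            echo "WARNING: $path does not match its baseline hash"
            bad=$((bad + 1))
        fi
    done < "$db"
    return "$bad"
}

# demo : constructed scenario with two stand-in "system files". A baseline
# is taken, then one file changes afterwards. Returns the number of files
# that fail verification (expected: 1).
demo() {
    tmp=$(mktemp -d)
    printf 'known-good binary\n' > "$tmp/ls"
    printf 'known-good config\n' > "$tmp/passwd"
    baseline_create "$tmp/baseline.dat" "$tmp/ls" "$tmp/passwd"
    printf 'modified binary\n' > "$tmp/ls"    # the file changed after the baseline
    rc=0
    baseline_verify "$tmp/baseline.dat" || rc=$?
    rm -rf "$tmp"
    return "$rc"
}

# Run the demo when the script is executed directly.
demo || echo "demo: $? file(s) failed verification"
```

Run it with sh integrity-check.sh; it prints one WARNING for the changed file. The point the example makes about the warnings mentioned above: a mismatch means only that a file differs from the stored baseline, so the operator has to decide whether the change was expected (a package update) or not (a replaced binary). With the real tool, rkhunter --update refreshes rkhunter's own data files, whereas the stored file-properties baseline is refreshed with rkhunter --propupd, which should only be run once the change has been confirmed as legitimate.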
Last updated 23 Nov 2006, 17:32 +0200.