rkhunter

rkhunter(8)           Unix System Administrator's Manual           rkhunter(8)



NAME
       rkhunter - run a system check for rootkits or other malware

SYNOPSIS
       rkhunter [-c|--checkall] [--createlogfile] [--cronjob]
       [--disable-md5-check] [--nocolors] [--versioncheck]

DESCRIPTION
       rkhunter  is  an  easy-to-use  tool which checks machines running UNIX,
       Linux, BSD and other clones, for the presence of rootkits and/or  other
       unwanted  tools.  rkhunter can be run as a cronjob, or from the command
       line when needed. A Bash Shell or Korn Shell is required. If available,
       Perl modules will be used to replace some default system commands.

       The following system areas may be checked:

       -MD5 hash comparisons

       -Default files commonly used by rootkits

       -Incorrect file placement (moved binaries)

       -Search for suspect strings in LKM and KLD modules

       -Hidden files

       -Deleted files

       -Interfaces in promiscuous mode

       -Listening applications that could use libpcap

       -Optional scan within plaintext and binary files

       -Search for old versions of software packages


OPTIONS
       --allow-ssh-root-user
              Allow  SSH  `root`  user,  while  checking the SSH configuration
              file.  This is a useful option when you use public key authenti-
              cation instead of keyboard authentication.

       --checkall
              (or -c). rkhunter performs a full check of the system, printing
              out the results of each test to stdout.

       --configfile <file>
              Use another configuration file instead of the default one.

       --createlogfile <file>
              A plain text file summarizing rkhunter's findings.  Defaults  to
              /var/log/rkhunter.log,  optionally  another filename can be cho-
              sen.

       --cronjob
              Use this option if you wish to  run  rkhunter  from  a  cron-job
              rather than the commandline. Removes colored layout.

       --dbdir
              Uses another directory for the databases (instead of the default
              path)

       --disable-md5-check
              Skip checking MD5 hashes. Used on systems with custom  tools  or
              binaries that would throw off this test.

       --help Show help / usage information

       --nocolors
              Skip colorized output

       --quick
              Skips some tests (less accurate)

       --reportmode
              Hide all information which is not interesting for cronjobs and
              non-interactive scans (such as the header and footer).

       --rootdir
              Changes the default root directory, for chroot environments.

       --tmpdir
              Changes the default directory for temporary storage

       --skip-keypress
              Make rkhunter non-interactive

       --check-deleted
              Make rkhunter check for processes that have files opened that
              are deleted from the filesystem while the process is running.
              While this could give a clue about a process's intentions,
              enabling this check will cause false positives, so enable
              whitelisting for 'known good' processes. Examples are provided
              in the config file.

       --check-listen
              In addition to the ifconfig and "ip" promiscuous mode tests, this
              makes rkhunter check for any applications that are listening on
              interfaces. Use on systems where the libpcap "-p" flag enables
              you to avoid interface promiscuous mode. Note that any ifconfig
              or "ip" based promiscuous mode checks are obsolete on GNU/Linux
              systems running kernel 2.6. Unfortunately there is no easy way
              to distinguish between illegitimate libpcap/libnet-using
              applications and legitimate ones like IDSes or plain old DHCP
              clients. In short, this will definitely cause false positives,
              so enable whitelisting for 'known good' applications. Examples
              are provided in the config file.

       --versioncheck
              Consults the rkhunter website to determine if a newer version is
              available  for  download.  Uses  wget. The latest version can be
              found at http://rkhunter.sourceforge.net/

       Multiple parameters are allowed. Some parameters can be only used  with
       others.  When  running  Rootkit Hunter without any parameters, the most
       recent help will be shown.
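
EXAMPLES
       The wrapper below is an added example for this page, not code shipped
       with Rootkit Hunter. It runs the non-interactive scan that the options
       above describe (--cronjob, --skip-keypress, --reportmode, --checkall,
       --createlogfile) and then inspects the resulting log so that the cron
       job's exit status reflects whether a human needs to look at it. Two
       things are assumptions rather than facts from this man page: that
       findings appear in the log on lines containing "Warning", and the
       RKH_LOG environment variable, which exists only in this script. The
       sample log lines used to exercise the functions are constructed.

```sh
#!/bin/sh
# Added example: a small cron wrapper around the rkhunter invocation documented
# in the OPTIONS section. Not part of the rkhunter project.
# Assumptions not taken from the man page: findings are reported on log lines
# containing "Warning", and RKH_LOG may override the log location.

LOGFILE="${RKH_LOG:-/var/log/rkhunter.log}"

# The non-interactive invocation for cron: --cronjob drops the coloured layout,
# --skip-keypress removes interactive pauses, --reportmode hides header/footer
# noise, --checkall runs every test and --createlogfile writes the summary log.
run_scan() {
    rkhunter --cronjob --skip-keypress --reportmode --checkall \
        --createlogfile "$LOGFILE"
}

# Count the lines in a log file that report a finding (assumed to contain the
# word "Warning"). Prints 0 when the file is missing or has no findings.
count_warnings() {
    [ -r "$1" ] || { echo 0; return 0; }
    grep -c 'Warning' "$1" || true
}

# Return 0 when the log is clean and 1 when it needs review, so that cron's
# exit status (and its mail) reflects the result of the scan.
scan_status() {
    [ "$(count_warnings "$1")" -eq 0 ]
}

# Only run the real scan when explicitly asked with --run; without the flag
# the script just defines the functions, which can then be used on a saved log.
if [ "${1:-}" = "--run" ]; then
    run_scan
    if scan_status "$LOGFILE"; then
        echo "rkhunter: no warnings in $LOGFILE"
    else
        echo "rkhunter: $(count_warnings "$LOGFILE") warning line(s) in $LOGFILE, review it"
        exit 1
    fi
fi
```

       Install the script as a cron job with the --run argument. Because the
       scan itself is only started with that flag, count_warnings and
       scan_status can also be run against a previously written log without
       touching the system, which is how the self-check below exercises them.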



LICENSING
       Rootkit Hunter is licensed under the GPL, copyright Michael Boelen.



CONTACT INFORMATION
       Rootkit Hunter is  under  active  development  by  the  Rootkit  Hunter
       project  team. For reporting bugs, updates, patches, comments and ques-
       tions please see http://rkhunter.sourceforge.net/




1.03                           February 7, 2005                    rkhunter(8)