Rootkit Problem on FLEX

A rootkit is malicious software designed to obtain root-level access to a computer while hiding its presence or identity from antivirus software. Common ways for rootkits to get installed on your system are through trojan horses contained in drive-by downloads, known system vulnerabilities, suspicious email attachments, web surfing, or simply by password cracking.

On Linux, there are several rootkit scanner tools that help protect against known or potential rootkits. One such rootkit detection tool is called Rootkit Hunter (rkhunter).

Protecting FLEX with rkhunter

Installation

Install rkhunter on Ubuntu:

$ sudo apt-get install rkhunter

Perform Rootkit Scanning

To perform rootkit scanning on FLEX, simply run the following.

$ sudo rkhunter -c

Once rkhunter is initiated, it will go ahead and run a series of tests as follows.

Log files

Once scanning is completed, rkhunter stores the results in /var/log/rkhunter.log. We can check it for any warnings; the results look something like this:

System checks summary
===================== 

File properties checks...
   Required commands check failed
   Files checked: 142
   Suspect files: 32

Rootkit checks...
   Rootkits checked : 310
   Possible rootkits: 2
   Rootkit names    : SHV4 Rootkit, SHV5 Rootkit

Applications checks...
   All checks skipped

The system checks took: 1 minute and 54 seconds

All results have been written to the log file: /var/log/rkhunter.log

One or more warnings have been found while checking the system.
Please check the log file (/var/log/rkhunter.log)
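
Added example (not part of the original page or of rkhunter itself): a POSIX shell helper that pulls the counts out of the summary block above so a scan result can be checked from a script. The function names are hypothetical, the embedded sample is the summary shown above, and the handling of a leading `[hh:mm:ss]` prefix assumes the log file timestamps each line.

```shell
# Constructed sample: the summary shown on this page.
sample_summary() {
cat <<'EOF'
System checks summary
=====================

File properties checks...
   Required commands check failed
   Files checked: 142
   Suspect files: 32

Rootkit checks...
   Rootkits checked : 310
   Possible rootkits: 2
   Rootkit names    : SHV4 Rootkit, SHV5 Rootkit
EOF
}

# summary_field LABEL: print the value after "LABEL :" read from stdin.
# An optional leading "[hh:mm:ss]" is stripped (assumed log line prefix).
summary_field() {
    awk -v label="$1" '
        { sub(/^\[[0-9:]+\][ \t]*/, ""); sub(/^[ \t]+/, "") }
        index($0, label) == 1 {
            v = substr($0, length(label) + 1)
            if (v ~ /^[ \t]*:/) {
                sub(/^[ \t]*:[ \t]*/, "", v); sub(/[ \t]+$/, "", v); val = v
            }
        }
        END { print val }'
}

# scan_verdict FILE: one-line verdict; returns 0 clean, 1 findings, 2 no summary.
scan_verdict() {
    suspect=$(summary_field "Suspect files" < "$1")
    rootkits=$(summary_field "Possible rootkits" < "$1")
    names=$(summary_field "Rootkit names" < "$1")
    for n in "$suspect" "$rootkits"; do
        case "$n" in ''|*[!0-9]*) echo "UNKNOWN: summary missing"; return 2 ;; esac
    done
    if [ "$suspect" -eq 0 ] && [ "$rootkits" -eq 0 ]; then
        echo "CLEAN"; return 0
    fi
    echo "REVIEW: suspect_files=$suspect possible_rootkits=$rootkits names=${names:-none}"
    return 1
}

# With a path argument (e.g. /var/log/rkhunter.log), print the verdict for it.
if [ "$#" -gt 0 ]; then scan_verdict "$1"; fi
```

A non-zero return only means the log needs a person to read it; the individual warnings behind each count are in /var/log/rkhunter.log.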
