Asking for RKHounter & Chkrootkit

Discuss open-source security software and projects

Moderators: scrumpy, Dave, leihog

Asking for RKHounter & Chkrootkit

Postby simby on Mon Jan 01, 2007 6:12 pm

Can you please add


Rootkit Scans for Rootkits, Backdoors, and Local Exploits

Rootkit scanner is scanning tool that can give you 99.9% certainty that
your system is
clean of nasty tools. This tool scans for rootkits, backdoors, and local
exploits by running tests like:

* Comparing MD5 hashes
* Looking for default files used by rootkits
* Checking for wrong file permissions for binaries
* Looking for suspected strings in LKM and KLD modules
* Looking for hidden files
* Optionally scanning within plain text and binary files
* Checking software versions
* Testing applications

Used to Check for Symptoms of Installed Root Kits

This is a set of tools that detect rootkit (a program that hides the
presence of attackers) symptoms on a system.

Rootkits can hide using kernel modules, but they always leave some small
traces that can be detected with this program.
However, it is always recommended that this program be used from a rescue
system or a system with a similar purpose.
Posts: 62
Joined: Fri Aug 04, 2006 2:42 pm

RE: Asking for RKHounter & Chkrootkit

Postby MikeC on Tue Jan 02, 2007 11:27 am

Adding those packages to Engarde would be self defeating at best. A package that invasively probes security is going to be stopped from executing at the SElinux level, so in order to test your security, first you'll have to disable the security features that you're trying to test... See what I mean? Alternatively you may suggest setting up SE policies to allow running those tests with SE enabled. Not going to happen - that would be a huge weakness in one of the fundamental security layers of Engarde. If you want to pursue the idea you can open a bug report and we'll review the idea, but I don't think it will fly.
Posts: 23
Joined: Mon Dec 18, 2006 12:23 pm

RE: Asking for RKHounter & Chkrootkit

Postby simby on Wed Jan 03, 2007 8:37 am

Ok, thanks for this reply :D
Posts: 62
Joined: Fri Aug 04, 2006 2:42 pm

Re: Asking for RKHounter & Chkrootkit

Postby Dave on Sun Feb 21, 2010 2:10 pm


I do agree with Mike's comment about it being self-defeating to try and run rkhunter. However, I would be interested in seeing what people find from running it and how we can improve! Perhaps there are other security scanners you would also like to see built?

I've put together an rkhunter package for you: ... el/noarch/

Browse that directory and download the rkhunter package.

Please let me know how it works for you!

Site Admin
Posts: 107
Joined: Tue Jun 13, 2006 6:06 pm

Return to Secure Open Source. Free Software.

Who is online

Users browsing this forum: No registered users and 1 guest