3

OK, I know the question sounds strange, but I need help installing rkhunter the accurate way. Do I need to follow all the steps in this article: https://help.ubuntu.com/community/RKhunter?

1 Answer

5

The package rkhunter is in the repos, so just

sudo apt-get install rkhunter

So is chkrootkit

sudo apt-get install chkrootkit

"rkhunter vs chkrootkit?" comparison from Wikipedia

rkhunter

rkhunter (Rootkit Hunter) is a Unix-based tool that scans for rootkits, backdoors and possible local exploits. It does this by comparing SHA-1 hashes of important files with known good ones in online databases, searching for default directories (of rootkits), wrong permissions, hidden files, suspicious strings in kernel modules, and special tests for Linux and FreeBSD.

The tool has been written in Bourne shell, to allow for portability. It can run on almost all UNIX-derived systems.

chkrootkit

chkrootkit (Check Rootkit) is a common Unix-based program intended to help system administrators check their system for known rootkits. It is a shell script using common UNIX/Linux tools like the strings and grep commands to search core system programs for signatures and for comparing a traversal of the /proc filesystem with the output of the ps (process status) command to look for discrepancies.

It can be used from a "rescue disc" (typically a Live CD) or it can optionally use an alternative directory from which to run all of its own commands. These techniques allow chkrootkit to trust the commands upon which it depends a bit more.

There are inherent limitations to the reliability of any program that attempts to detect compromises (such as rootkits and computer viruses). Newer rootkits may specifically attempt to detect and compromise copies of the chkrootkit programs or take other measures to evade detection by them.

Mark Kirby
  • Wait, what about this article https://help.ubuntu.com/community/RKhunter? Do I need to do all that stuff in the instructions? –  Feb 12 '16 at 08:56
  • Those are configuration options; do the ones you need. You can use sudo rkhunter --propupd to run it manually when you want, or add APT_AUTOGEN="yes" to /etc/default/rkhunter and it will auto-run after the software updater. The rest is just the version check and hiding warnings; you don't need to do these steps if the warnings don't bother you. – Mark Kirby Feb 12 '16 at 09:03
  • So that's optional. –  Feb 12 '16 at 09:05
  • Yes, the bottom half of the page is just hiding the warnings; it does not matter if you hide them or not, your choice. – Mark Kirby Feb 12 '16 at 09:07
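
The /proc-versus-ps cross-check that the answer describes for chkrootkit, written out as an added example; it is not part of the original answer and is not chkrootkit's own code. The function names and the sample PID lists are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample: PID 1337 has a /proc entry but is absent from ps output.
SAMPLE_PROC='1
42
1337'
SAMPLE_PS='1
42'

# PIDs that appear as all-numeric directories under a proc mount (default /proc).
proc_pids() {
    for d in "${1:-/proc}"/[0-9]*; do
        case "${d##*/}" in *[!0-9]*) continue ;; esac
        [ -d "$d" ] && printf '%s\n' "${d##*/}"
    done | sort -n
}

# PIDs reported by ps; "-e -o pid=" is POSIX (all processes, no header).
ps_pids() {
    ps -e -o pid= | tr -d ' ' | sort -n
}

# Print every PID in newline-separated list $1 that is absent from list $2.
missing_from() {
    printf '%s\n' "$1" | while read -r pid; do
        [ -n "$pid" ] || continue
        printf '%s\n' "$2" | grep -qxF "$pid" || printf '%s\n' "$pid"
    done
}

# Live check. Processes that exit between the two snapshots would look hidden,
# so a PID is reported only if it is still in /proc and ps still cannot see it.
check_live() {
    in_proc=$(proc_pids /proc)
    in_ps=$(ps_pids)
    for pid in $(missing_from "$in_proc" "$in_ps"); do
        if [ -d "/proc/$pid" ] && ! ps -p "$pid" >/dev/null 2>&1; then
            echo "PID $pid has a /proc entry but ps does not report it"
        fi
    done
}

echo "sample PIDs in /proc only: $(missing_from "$SAMPLE_PROC" "$SAMPLE_PS")"
if [ "${1:-}" = "--live" ]; then check_live; fi
```

The script trusts the ps, grep and shell binaries it calls, which is why the answer's point about running such checks from a rescue disc or an alternative command directory applies to it as well.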