This article relies excessively on references to primary sources.(May 2023) |
Initial release | 2006 |
---|---|
Stable release | 1.4.6
/ 20 February 2018 |
Repository |
|
Written in | Bourne shell, Perl |
Operating system | Unix-like |
Type | rootkit detector |
License | GNU General Public License |
Website | sourceforge |
rkhunter (Rootkit Hunter) is a Unix-based tool that scans for rootkits, backdoors and possible local exploits. It does this by comparing SHA-1 hashes of important files with known good ones in online databases, searching for default directories (of rootkits), wrong permissions, hidden files, suspicious strings in kernel modules, and special tests for Linux and FreeBSD. rkhunter is notable due to its inclusion in popular operating systems (Fedora,[1] Debian,[2] etc.)
The tool has been written in Bourne shell, to allow for portability. It can run on almost all UNIX-derived systems.