Rkhunter On Backtrack 5


RKHUNTER 
WHAT ARE ROOTKITS 

  •  Rootkits are a combination of several programs designed to obtain root access on a system.

QUESTION 

  • Most rootkits use the power of the kernel to hide themselves; they are only visible from within the kernel. How, then, do I detect rootkits on a Debian Linux server?

ANSWER

To find rootkits on your system, including ones hiding in the kernel, use rkhunter, which comes preinstalled in Backtrack 5 r3.


INTRODUCTION

rkhunter (Rootkit Hunter) is a Unix-based tool that scans for rootkits, backdoors and possible local exploits. It does this by comparing SHA-1 hashes of important files with known-good ones in an online database, searching for the default directories used by rootkits, wrong permissions, hidden files and suspicious strings in kernel modules, and by running special tests for Linux and FreeBSD.

The tool scans for rootkits, backdoors and local exploits by running tests such as:

- MD5 hash compare
- Look for default files used by rootkits
- Wrong file permissions for binaries
- Look for suspected strings in LKM and KLD modules
- Look for hidden files
- Optional scan within plaintext and binary files

Rootkit Hunter is released as a GPL-licensed project and is free for everyone to use.

System requirements:
- Compatible operating system (see 'Supported operating systems')
- Bourne Again Shell (BASH)

Supported operating systems

Supported:
- Most Linux distributions
- Most *BSD distributions

Currently unsupported:
- NetBSD

Tested on:
- AIX 4.1.5 / 4.3.3
- ALT Linux
- Aurora Linux
- CentOS 3.1 / 4.0
- Conectiva Linux 6.0
- Debian 3.x
- FreeBSD 4.3 / 4.4 / 4.7 / 4.8 / 4.9 / 4.10
- FreeBSD 5.0 / 5.1 / 5.2 / 5.2.1 / 5.3
- Fedora Core 1 / Core 2 / Core 3
- Gentoo 1.4, 2004.0, 2004.1
- Macintosh OS 10.3.4-10.3.8
- Mandrake 8.1 / 8.2 / 9.0-9.2 / 10.0 / 10.1
- OpenBSD 3.4 / 3.5
- Red Hat Linux 7.0-7.3 / 8 / 9
- Red Hat Enterprise Linux 2.1 / 3.0
- Slackware 9.0 / 9.1 / 10.0 / 10.1
- SME 6.0
- Solaris (SunOS)
- SuSE 7.3 / 8.0-8.2 / 9.0-9.2
- Ubuntu
- Yellow Dog Linux 3.0 / 3.01

Confirmed to work also on:
- CLFS
- DaNix (Debian clone)
- PCLinuxOS
- VectorLinux SOHO 3.2 / 4.0
- CPUBuilders Linux
- Virtuozzo (VPS)
 
HOW TO OPEN RKHUNTER 
 
  • To open rkhunter on Backtrack 5 r3, follow these steps:
  • Backtrack > Forensics > Anti-Virus Forensic Tools > rkhunter
  • See the image below for more details.

RKHUNTER MENU ON BACKTRACK 5
 
RKHUNTER OPENED
 
RKHUNTER OPENED ON BACKTRACK 5

UPDATE YOUR RKHUNTER 
 
  • To update rkhunter, use the following command.
  • Command: rkhunter --update
  • See the image below for more help.

 
CHECKING SYSTEM COMMANDS
 
  • To start checking for rootkits, give the following command:
  • Command: rkhunter --check
  • See the image below for more details.
 
CHECKING FOR THE ROOTKITS
 
  • It asks you to press Enter to start the next group of checks.
  • See the image below for more details.
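The two steps above (update, then check) can be run unattended and their result summarised from a script. This is an added example, not code from the original post or from the rkhunter project; it assumes rkhunter is on PATH and that the script runs as root when RKHUNTER_DEMO_RUN=1, and the sample report it parses is constructed for the demonstration.

```bash
#!/usr/bin/env bash
# Added example (not from the original post or the rkhunter project): a
# cron-friendly wrapper around rkhunter --update and rkhunter --check, plus a
# parser for the warnings it reports. Assumes rkhunter is on PATH and root.
set -u

# Run update then check without the "press Enter" pauses (--sk) and keep only
# the warning lines (--rwo) so the report stays short. Prints the report path.
run_rkhunter_scan() {
    local out="${1:-/tmp/rkhunter-report.txt}"
    rkhunter --update >/dev/null 2>&1 || true   # a failed update must not skip the check
    rkhunter --check --sk --rwo > "$out" 2>&1
    printf '%s\n' "$out"
}

# Number of "Warning:" lines in a --rwo report (prints 0 when there are none).
count_warnings() {
    grep -c '^Warning:' "$1" || true
}

# Every absolute path mentioned in the report, one per line, deduplicated.
# Covers replaced commands ('/bin/ls'), hidden files and "File:" property lines.
warning_paths() {
    grep -oE '/[A-Za-z0-9._-]+(/[A-Za-z0-9._-]+)+' "$1" | sort -u
}

# Exit status for cron: 0 when the report is clean, 1 when anything was flagged.
scan_status() {
    [ "$(count_warnings "$1")" -eq 0 ]
}

# Constructed sample report in the --rwo format, used to exercise the parser
# offline; these are not real findings from any system.
SAMPLE_REPORT=$(cat <<'EOF'
Warning: The command '/bin/ls' has been replaced by a script: /bin/ls: POSIX shell script text executable
Warning: Hidden file found: /dev/.udev/rules.d/root.rules: ASCII text
Warning: The file properties have changed:
         File: /usr/bin/ssh
Warning: Checking for passwd file changes                 [ Warning ]
EOF
)

# Real scan only on request; after a legitimate package upgrade, refresh the
# stored file properties with `rkhunter --propupd` before trusting new warnings.
if [ "${RKHUNTER_DEMO_RUN:-0}" = "1" ]; then
    report=$(run_rkhunter_scan)
    echo "$(count_warnings "$report") warning(s) in $report"
    warning_paths "$report"
    scan_status "$report"
fi
```

Run it with RKHUNTER_DEMO_RUN=1 from cron and the non-zero exit status of scan_status is what tells you a report needs reading.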
 

CHECKING FOR ROOTKITS
CHECKING FOR NETWORKS 
 
RKHUNTER : CHECKING FOR NETWORKS

CHECKING FOR APPLICATIONS 
 
RKHUNTER SUMMARY
 
  • This is how you can use rkhunter on your Backtrack 5 r3 machine.
  • Keep following www.abiadonis.blogspot.com; more tutorials are in the queue.
  • Redefine your security with www.abiadonis.blogspot.com
