Security automation with rkhunter

Release Lags

If you examine the rkhunter project, you may notice that the latest release, version 1.4.6, came out two years ago. In addition, recent traffic on the project forums is rarely more than a few posts per month from only half a dozen people or so. Such evidence may lead you to wonder how current rkhunter is and whether there is recent malware that it does not cover.

However, this concern seems to be groundless. A web search immediately reveals that the long time between releases has done little to stop rkhunter's use. After 14 years of development, rkhunter is a mature script with a comprehensive awareness of different intrusion methods. Quite simply, there may be little left to add to rkhunter. Moreover, even if the current version does not recognize a particular rootkit by name, rkhunter's other tests, such as its checks for changes in key files, can probably detect the traces that a new rootkit leaves behind, even if they cannot identify the kit itself.

Still, if this release schedule disturbs you, you may prefer to run an alternative such as chkrootkit. But while administrators should keep themselves aware of new rootkits, on the whole, rkhunter remains a useful tool, especially if you follow up on its checks and examine its log in detail. Use it in cautious but good health.
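The point above, that a change in a key system file betrays a rootkit even when the kit itself is unknown, is easy to see in code. The following script is an added example, not part of the article and not rkhunter's own code: it records a baseline of properties for a list of files (size, permissions, owner, inode, SHA-256 hash) and later compares the live system against that baseline, reporting each attribute that changed, each file that went missing, and each file that appeared. The attribute set and the `KEY_FILES` list are this example's own choices; rkhunter ships a much longer list of files and records its own set of properties.

```python
import hashlib
import json
import os
import stat
import sys
from typing import Dict, List, Optional, Tuple

# Illustrative list only; rkhunter's file-properties test covers many more paths.
KEY_FILES = ["/bin/ls", "/bin/ps", "/usr/bin/ssh", "/usr/sbin/sshd"]


def file_properties(path: str) -> Dict[str, object]:
    """Collect the attributes we compare for one path (example's own selection)."""
    st = os.lstat(path)
    props: Dict[str, object] = {
        "size": st.st_size,
        "mode": stat.S_IMODE(st.st_mode),
        "uid": st.st_uid,
        "gid": st.st_gid,
        "inode": st.st_ino,
        "symlink": stat.S_ISLNK(st.st_mode),
    }
    if stat.S_ISREG(st.st_mode):
        h = hashlib.sha256()
        with open(path, "rb") as fh:
            for chunk in iter(lambda: fh.read(65536), b""):
                h.update(chunk)
        props["sha256"] = h.hexdigest()
    return props


def snapshot(paths: List[str]) -> Dict[str, Optional[Dict[str, object]]]:
    """Record properties for every path; a missing file is recorded as None."""
    result: Dict[str, Optional[Dict[str, object]]] = {}
    for p in paths:
        try:
            result[p] = file_properties(p)
        except FileNotFoundError:
            result[p] = None
    return result


def compare(baseline: Dict[str, Optional[Dict[str, object]]],
            current: Dict[str, Optional[Dict[str, object]]]) -> List[Tuple[str, str]]:
    """Return (path, reason) warnings for every difference between two snapshots."""
    warnings: List[Tuple[str, str]] = []
    for path, old in baseline.items():
        new = current.get(path)
        if old is None and new is None:
            continue  # absent both times: nothing to report
        if old is None:
            warnings.append((path, "file appeared since baseline"))
            continue
        if new is None:
            warnings.append((path, "file missing"))
            continue
        for key in sorted(set(old) | set(new)):
            if old.get(key) != new.get(key):
                warnings.append((path, f"{key} changed: {old.get(key)!r} -> {new.get(key)!r}"))
    return warnings


def save_baseline(baseline: Dict[str, Optional[Dict[str, object]]], out_path: str) -> None:
    # Store the baseline somewhere an intruder cannot quietly rewrite it
    # (read-only media or a remote host); this example just writes a JSON file.
    with open(out_path, "w") as fh:
        json.dump(baseline, fh, indent=2, sort_keys=True)


def load_baseline(in_path: str) -> Dict[str, Optional[Dict[str, object]]]:
    with open(in_path) as fh:
        return json.load(fh)


if __name__ == "__main__":
    if len(sys.argv) == 3 and sys.argv[1] == "init":
        save_baseline(snapshot(KEY_FILES), sys.argv[2])
    elif len(sys.argv) == 3 and sys.argv[1] == "check":
        for path, reason in compare(load_baseline(sys.argv[2]), snapshot(KEY_FILES)):
            print(f"Warning: {path}: {reason}")
    else:
        print("usage: keyfiles.py init|check BASELINE.json")
```

Run it once with `init` after a fresh install or a trusted update (the same moment you would run `rkhunter --propupd`), then with `check` from cron. A warning from a check is a prompt to investigate, not a verdict: a package upgrade also changes the hash, size, and inode of a binary, which is why the log needs to be read rather than merely counted, as the article advises.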

Infos

  1. Rootkit Hunter: http://rkhunter.sourceforge.net/

The Author

Bruce Byfield is a computer journalist and a freelance writer and editor specializing in free and open source software. In addition to his writing projects, he also teaches live and e-learning courses. In his spare time, Bruce writes about Northwest coast art (http://brucebyfield.wordpress.com). He is also cofounder of Prentice Pieces, a blog about writing and fantasy at https://prenticepieces.com/.
