Security automation with rkhunter

Release Lags

If you examine the rkhunter project, you may notice that the latest release, version 1.4.6 was released two years ago. In addition, recent traffic on the project forums is rarely more than a few posts per month from only half a dozen people or so. Such evidence may lead you to wonder how current rkhunter is, and whether there is recent malware that it does not cover.

However, this concern seems to be groundless. A web search immediately reveals that the long time between releases has done little to stop rkhunter's use. After 14 years of development, rkhunter is a mature script, with a comprehensive awareness of different intrusion methods. Quite simply, there may be little left to add to rkhunter. Moreover, even if the current version does not cover a particular rootkit, rkhunter's other tests, such as changes in key files, can probably detect evidence of a new rootkit, if not the particular kit.

However, if this release schedule disturbs you, you may prefer to run an alternative such as chkrootkit. But while administrators should keep themselves aware of new rootkits, on the whole, rkhunter remains a useful tool, especially if you follow up on its checks and examine its log in detail. Use it in cautious but good health.


  1. Rootkit Hunter:

The Author

Bruce Byfield is a computer journalist and a freelance writer and editor specializing in free and open source software. In addition to his writing projects, he also teaches live and e-learning courses. In his spare time, Bruce writes about Northwest coast art ( He is also cofounder of Prentice Pieces, a blog about writing and fantasy at

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy Linux Magazine

Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

  • Host-Based IDS

    A host-based intrusion detection system is a simple but powerful tool for finding traces of an attacker's footprint.

  • Expert Security Intro

    Internet intruders have many ingenious ways of escalating privileges and hiding their presence once they get inside your system. The best protection is to keep them out in the cold.

  • Qt4-fsarchiver

    Qt4-fsarchiver lets you back up files, complete partitions, and create disk images with a single mouse click.

  • System Alert

    The unhide forensics tool scans your system for inconsistencies to uncover hidden processes.

  • Trinity Rescue Kit

    Trinity Rescue Kit is driven by the practical requirements of the admin’s daily work, integrating a full set of tools for maintaining and rescuing Linux and Windows PCs.

comments powered by Disqus