Rootkit scanner is scanning tool to ensure you for about 99.9% you're clean of nasty tools. Rootkit Hunter scans for rootkits, backdoors and local exploits by running tests like:
- MD5 hash compare
- Look for default files used by rootkits
- Wrong file permissions for binaries
- Look for suspected strings in LKM and KLD modules
- Look for hidden files
- Optional scan within plaintext and binary files
Rootkit Hunter is released as GPL licensed project and free for everyone to use.
No, not really 99.9%.. It's just another security layer.
Supported operating systems
Supported:
- Most Linux distributions
- Most *BSD distributions
Currently unsupported:
- NetBSD
Tested on:
- AIX 4.1.5 / 4.3.3
- ALT Linux
- Aurora Linux
- CentOS 3.1 / 4.0
- Conectiva Linux 6.0
- Debian 3.x
- FreeBSD 4.3 / 4.4 / 4.7 / 4.8 / 4.9 / 4.10
- FreeBSD 5.0 / 5.1 / 5.2 / 5.2.1 / 5.3
- Fedora Core 1 / Core 2 / Core 3
- Gentoo 1.4, 2004.0, 2004.1
- Macintosh OS 10.3.4-10.3.8
- Mandrake 8.1 / 8.2 / 9.0-9.2 / 10.0 / 10.1
- OpenBSD 3.4 / 3.5
- Red Hat Linux 7.0-7.3 / 8 / 9
- Red Hat Enterprise Linux 2.1 / 3.0
- Slackware 9.0 / 9.1 / 10.0 / 10.1
- SME 6.0
- Solaris (SunOS)
- SuSE 7.3 / 8.0-8.2 / 9.0-9.2
- Ubuntu
- Yellow Dog Linux 3.0 / 3.01
Confirmed to work also on:
- DaNix (Debian clone)
- PCLinuxOS
- VectorLinux SOHO 3.2 / 4.0
- CPUBuilders Linux
- Virtuozzo (VPS)
Supported' rootkits/backdoors/LKM's/worms:
- 55808 Trojan - Variant A
- ADM W0rm
- AjaKit
- aPa Kit
- Apache Worm
- Ambient (ark) Rootkit
- Balaur Rootkit
- BeastKit
- beX2
- BOBKit
- CiNIK Worm (Slapper.B variant)
- Danny-Boy's Abuse Kit
- Devil RootKit
- Dica
- Dreams Rootkit
- Duarawkz Rootkit
- Flea Linux Rootkit
- FreeBSD Rootkit
- Fuck`it Rootkit
- GasKit
- Heroin LKM
- HjC Rootkit
- ignoKit
- ImperalsS-FBRK
- Irix Rootkit
- Kitko
- Knark
- Li0n Worm
- Lockit / LJK2
- mod_rootme (Apache backdoor)
- MRK
- Ni0 Rootkit
- NSDAP (RootKit for SunOS)
- Optic Kit (Tux)
- Oz Rootkit
- Portacelo
- R3dstorm Toolkit
- RH-Sharpe's rootkit
- RSHA's rootkit
- Scalper Worm
- Shutdown
- SHV4 Rootkit
- SHV5 Rootkit
- Sin Rootkit
- Slapper
- Sneakin Rootkit
- Suckit
- SunOS Rootkit
- Superkit
- TBD (Telnet BackDoor)
- TeLeKiT
- T0rn Rootkit
- Trojanit Kit
- URK (Universal RootKit)
- VcKit
- Volc Rootkit
- X-Org SunOS Rootkit
- zaRwT.KiT Rootkit
and... some known/unknown sniffers, backdoors like:
- Anti Anti-sniffer
- LuCe LKM
- THC Backdoor
What is new in this release:
- This version adds eleven bugfixes, seven changes, and five new items.
What is new in version 1.3.4:
- IntoXonia-NG and Phalanx2 rootkit checks were added.
- Support for TCB shadow files was added.
- The "--propupd" option can now take an optional file, directory, or package name after it.
- The file properties inode check was revised.
- SSH configuration file tests accept key/value pairs.
- The Linux "os_specific" test has been split into two separate tests.
- The DBDIR directory can now be read-only.
- The ALLOWPROCDELFILE configuration option was improved.
- The check for hidden files and directories was improved.
Requirements:
- GNU Bash
Comments not found