FreeBSD 14

RKHunter : Install (2024/09/09)

 

Install RKHunter, a rootkit detection tool.

[1] Install RKHunter.
root@dlp:~ #
pkg install -y rkhunter curl
[2] Configure and Use RKHunter.
root@dlp:~ #
vi /etc/periodic.conf
# create the file if it does not already exist (otherwise add the lines below to it)

# enable daily database update
security_rkhunter_update_enable="YES"
security_rkhunter_update_period="daily"
security_rkhunter_update_flags="--update --nocolors"

# add the following as well to enable the daily system check
security_rkhunter_check_enable="YES"
security_rkhunter_check_period="daily"
security_rkhunter_check_flags="--checkall --nocolors --skip-keypress"

# update database

root@dlp:~ #
rkhunter --update

[ Rootkit Hunter version 1.4.6 ]

Checking rkhunter data files...
  Checking file mirrors.dat                                  [ Updated ]
  Checking file programs_bad.dat                             [ No update ]
  Checking file backdoorports.dat                            [ No update ]
  Checking file suspscan.dat                                 [ No update ]
  Checking file i18n/cn                                      [ No update ]
  Checking file i18n/de                                      [ No update ]
  Checking file i18n/en                                      [ No update ]
  Checking file i18n/tr                                      [ No update ]
  Checking file i18n/tr.utf8                                 [ No update ]
  Checking file i18n/zh                                      [ No update ]
  Checking file i18n/zh.utf8                                 [ No update ]
  Checking file i18n/ja                                      [ No update ]

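# update the file properties database
# this records the current state of the system files as the baseline that later checks compare against,
# so run it only while the system is known to be clean, and run it again after legitimate package or system updates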

root@dlp:~ #
rkhunter --propupd

[ Rootkit Hunter version 1.4.6 ]
File created: searched for 173 files, found 122

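# run the check
# [--sk] (--skip-keypress) skips the prompts to press the Enter key
# [--rwo] (--report-warnings-only) displays only warnings; it is not used in the run below
# a run with no warnings means nothing differed from the stored baseline and the known signatures; details are in the log file named at the end of the output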

root@dlp:~ #
rkhunter --check --sk
[ Rootkit Hunter version 1.4.6 ]

Checking system commands...

  Performing 'strings' command checks
    Checking 'strings' command                               [ OK ]

  Performing 'shared libraries' checks
    Checking for preloading variables                        [ None found ]
    Checking for preloaded libraries                         [ None found ]
    Checking LD_LIBRARY_PATH variable                        [ Not found ]

  Performing file properties checks
    Checking for prerequisites                               [ OK ]
    /sbin/dmesg                                              [ OK ]
    /sbin/fsck                                               [ OK ]
    /sbin/ifconfig                                           [ OK ]
    /sbin/init                                               [ OK ]
    /sbin/md5                                                [ OK ]
    /sbin/md5sum                                             [ OK ]
    /sbin/mount                                              [ OK ]
    /sbin/nologin                                            [ OK ]
    /sbin/ping                                               [ OK ]
    /sbin/route                                              [ OK ]
    /sbin/sha1                                               [ OK ]
    /sbin/sha1sum                                            [ OK ]
    /sbin/sha224                                             [ OK ]
    /sbin/sha224sum                                          [ OK ]
    /sbin/sha256                                             [ OK ]
    /sbin/sha256sum                                          [ OK ]
    /sbin/sha384                                             [ OK ]

.....
.....

System checks summary
=====================

File properties checks...
    Files checked: 122
    Suspect files: 0

Rootkit checks...
    Rootkits checked : 498
    Possible rootkits: 0

Applications checks...
    All checks skipped

The system checks took: 38 seconds

All results have been written to the log file: /var/log/rkhunter.log

No warnings were found while checking the system.