{{Short description|Unix-based computer security tool}}
{{lowercase title|title=rkhunter}}
{{Primary sources|date=May 2023}}
{{Infobox software
| name = rkhunter
| screenshot = Rkhunter screenshot.webp
| caption = rkhunter on [[Linux]]
| latest_release_version = 1.4.6
| latest_release_date = {{start date and age|2018|02|20|df=yes}}
| released = {{Start date and age|2006}}
| operating_system = [[Unix-like]]
| programming language = [[Bourne shell]], [[Perl]]
| genre = [[rootkit]] detector
| license = [[GNU General Public License]]
| website = {{URL|https://sourceforge.net/projects/rkhunter/}}
}}

'''rkhunter''' ('''Rootkit Hunter''') is a [[Unix]]-based tool that scans for [[rootkit]]s, [[Backdoor (computing)|backdoors]] and possible local [[Exploit (computer security)|exploits]].<ref>{{Cite web |date=October 29, 2018 |title=A way to detect the rootkits and exploits in CentOS/RHEL |url=https://medium.com/logistimo-engineering-blog/a-way-to-detect-the-rootkits-and-exploits-in-centos-rhel-5b125a8d6a25 |access-date=2024-07-04 |website=medium.com}}</ref> It does this by comparing [[SHA-1|SHA-1 hashes]] of important files with ''known good'' ones in online databases, searching for default directories (of rootkits), wrong permissions, hidden files and suspicious strings in [[kernel module]]s, and running special tests for [[Linux]] and [[FreeBSD]]. rkhunter is notable due to its inclusion in popular operating systems (Fedora,<ref>{{Cite web|url=https://apps.fedoraproject.org/packages/s/rkhunter|title=Fedora Packages Search|website=apps.fedoraproject.org|access-date=2020-05-27|archive-date=2021-08-19|archive-url=https://web.archive.org/web/20210819164658/https://apps.fedoraproject.org/packages/s/rkhunter|url-status=dead}}</ref> Debian,<ref>{{Cite web|url=https://packages.debian.org/sid/rkhunter|title=Debian -- Details of package rkhunter in sid|website=packages.debian.org}}</ref> etc.).

The tool is written in [[Bourne shell]] to allow for [[software portability|portability]]. It can run on almost all UNIX-derived systems.
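
The file-property checks described above (hash comparison, wrong permissions, hidden files) can be sketched in the same shell. This is an added example, not rkhunter's own code: it assumes a locally recorded baseline in place of the online database, and the function names (<code>sha1_of</code>, <code>make_baseline</code>, <code>check_tree</code>, <code>demo</code>) and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added illustration, not rkhunter's code: compare files with a recorded baseline.

sha1_of() {                       # print the SHA-1 digest of file $1
    if command -v sha1sum >/dev/null 2>&1; then sha1sum "$1"
    else shasum -a 1 "$1"; fi | cut -d' ' -f1
}

make_baseline() {                 # make_baseline DIR  ->  "hash  path" lines
    find "$1" -type f | sort | while IFS= read -r f; do
        printf '%s  %s\n' "$(sha1_of "$f")" "$f"
    done
}

check_tree() {                    # check_tree DIR BASELINE -> one finding per line
    dir=$1; base=$2
    # 1. Files whose content no longer matches the known-good hash.
    while IFS= read -r line; do
        want=${line%%  *}; path=${line#*  }
        if [ ! -f "$path" ]; then echo "MISSING $path"
        elif [ "$(sha1_of "$path")" != "$want" ]; then echo "CHANGED $path"
        fi
    done < "$base"
    # 2. Files absent from the baseline; dot-files are reported as hidden.
    find "$dir" -type f | sort | while IFS= read -r f; do
        sed 's/^[0-9a-f]*  //' "$base" | grep -qxF "$f" && continue
        case ${f##*/} in
            .*) echo "HIDDEN $f" ;;
            *)  echo "NEW $f" ;;
        esac
    done
    # 3. Wrong permissions: anything world-writable.
    find "$dir" -type f -perm -0002 | sort | sed 's/^/WORLD_WRITABLE /'
}

demo() (                          # constructed sample tree; subshell keeps state local
    umask 022
    t=$(mktemp -d) || exit 1
    mkdir "$t/bin"
    printf 'original\n' > "$t/bin/ls"
    printf 'ok\n' > "$t/bin/ps"
    make_baseline "$t/bin" > "$t/baseline"
    printf 'tampered\n' > "$t/bin/ls"    # content changed after baseline
    printf 'x\n' > "$t/bin/.hide"        # hidden file added
    chmod 777 "$t/bin/ps"                # permissions loosened, content intact
    check_tree "$t/bin" "$t/baseline" | sed "s|$t/||"
    rm -rf "$t"
)
```

Calling <code>demo</code> reports the modified file, the hidden file and the world-writable file. The baseline is kept outside the scanned directory so that it is not itself scanned.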

== Development ==
In 2003, developer Michael Boelen released the version of Rootkit Hunter. After several years of development, in early 2006, he agreed to hand over development to a development team. Since that time eight people have been working to set up the project properly and work towards the much-needed maintenance release. The project has since been moved to [[SourceForge]].

Both the GitHub and the SourceForge web resources seem to be sponsored by 'dogsbody', while the code work appears to be carried out by John Horne. This appears to be a 'work-in-progress', but caution against [[website spoofing]] and similar should always be exercised.<ref>https://us.norton.com/blog/malware/website-spoofing</ref>

== See also ==
{{Portal|Free and open-source software}}
* [[chkrootkit]]
* [[Lynis]]
* [[OSSEC]]
* [[Samhain (software)]]
* [[Host-based intrusion detection system comparison]]
* [[Hardening (computing)]]
* [[Linux malware]]
* [[MalwareMustDie]]
* [[Rootkit]]

==References==
{{Reflist}}

==External links==
* {{Official website|https://rkhunter.sourceforge.net/}}
* [https://web.archive.org/web/20130305191528/http://rootkit.nl/projects/rootkit_hunter.html Old rkhunter web page]

{{DEFAULTSORT:Rkhunter}}
[[Category:Unix security-related software]]
[[Category:Rootkit detection software]]

{{Unix-stub}}