# Rkhunter

> Mediated Wiki article. Canonical URL: https://mediated.wiki/source/Rkhunter
> Markdown URL: https://mediated.wiki/source/Rkhunter.md
> Source: https://en.wikipedia.org/wiki/Rkhunter
> Source revision: 1328605023
> License: Creative Commons Attribution-ShareAlike 4.0 International (https://creativecommons.org/licenses/by-sa/4.0/)

Unix-based computer security tool


| rkhunter | |
|---|---|
| Release | 2006; 20 years ago (2006) |
| Stable release | 1.4.6 / 20 February 2018; 8 years ago (2018-02-20) |
| Written in | Bourne shell, Perl |
| Operating system | Unix-like |
| Type | Rootkit detector |
| License | GNU General Public License |
| Website | sourceforge.net/projects/rkhunter/ |
| Repository | git.code.sf.net/p/rkhunter/rkh_code |

**rkhunter** (**Rootkit Hunter**) is a [Unix](/source/Unix)-based tool that scans for [rootkits](/source/Rootkit), [backdoors](/source/Backdoor_(computing)) and possible local [exploits](/source/Exploit_(computer_security)).[1] It does this by comparing [SHA-1 hashes](/source/SHA-1) of important files with *known good* ones in online databases, searching for the default directories of rootkits, wrong permissions, hidden files and suspicious strings in [kernel modules](/source/Kernel_module), and by running special tests for [Linux](/source/Linux) and [FreeBSD](/source/FreeBSD). rkhunter is notable due to its inclusion in popular operating systems (Fedora,[2] Debian,[3] etc.).

The tool is written in [Bourne shell](/source/Bourne_shell) to allow for [portability](/source/Software_portability). It can run on almost all UNIX-derived systems.
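The hash and permission comparison described above, as an added example that is not rkhunter's own code. It assumes GNU coreutils (`sha1sum`, `stat -c`) and a locally recorded baseline rather than an online database; the function names and the constructed sample tree are hypothetical.

```shell
#!/bin/sh
# Added example (not rkhunter code). Assumes GNU coreutils: sha1sum, stat -c.
# Paths containing newlines are not supported.

# baseline_create DIR: print "sha1 mode path" for every regular file in DIR.
baseline_create() {
    find "$1" -type f | sort | while IFS= read -r f; do
        printf '%s %s %s\n' \
            "$(sha1sum < "$f" | cut -d' ' -f1)" "$(stat -c '%a' "$f")" "$f"
    done
}

# baseline_check FILE: re-measure each recorded file and print one finding
# per deviation. Returns 0 if everything matches, 1 otherwise.
baseline_check() {
    status=0
    while read -r want_hash want_mode path; do
        if [ ! -f "$path" ]; then
            echo "MISSING $path"; status=1; continue
        fi
        have_hash=$(sha1sum < "$path" | cut -d' ' -f1)
        have_mode=$(stat -c '%a' "$path")
        [ "$have_hash" = "$want_hash" ] ||
            { echo "HASH_CHANGED $path"; status=1; }
        [ "$have_mode" = "$want_mode" ] ||
            { echo "MODE_CHANGED $path $want_mode->$have_mode"; status=1; }
    done < "$1"
    return "$status"
}

# demo: build a constructed sample tree, record it, alter it, report.
demo() {
    d=$(mktemp -d) || return 1
    mkdir "$d/bin"
    for name in ls ps su; do
        printf 'original %s\n' "$name" > "$d/bin/$name"
        chmod 755 "$d/bin/$name"
    done
    baseline_create "$d/bin" > "$d/baseline"
    printf 'replaced ls\n' > "$d/bin/ls"   # content no longer matches
    chmod 777 "$d/bin/ps"                  # now world-writable
    rm "$d/bin/su"                         # file removed
    baseline_check "$d/baseline" | sed "s|$d/||"
    rm -rf "$d"
}

if [ "${1:-}" = demo ]; then demo; fi
```

Keep the baseline on read-only or off-host storage: a record that an intruder with root access can rewrite, or hashing tools they can replace, no longer proves anything.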

## Development

In 2003, developer Michael Boelen released the version of Rootkit Hunter. After several years of development, in early 2006 he agreed to hand over development to a development team. Since that time, eight people have been working to set up the project properly and work towards the much-needed maintenance release. The project has since been moved to [SourceForge](/source/SourceForge).

Both the GitHub and the SourceForge web resources seem to be sponsored by 'dogsbody', while code work seems to be carried out by John Horne. This appears to be a work in progress, but caution regarding [website spoofing](/source/Website_spoofing) and similar risks should always be exercised.[4]

## See also

- [chkrootkit](/source/Chkrootkit)

- [Lynis](/source/Lynis)

- [OSSEC](/source/OSSEC)

- [Samhain (software)](/source/Samhain_(software))

- [Host-based intrusion detection system comparison](/source/Host-based_intrusion_detection_system_comparison)

- [Hardening (computing)](/source/Hardening_(computing))

- [Linux malware](/source/Linux_malware)

- [MalwareMustDie](/source/MalwareMustDie)

- [Rootkit](/source/Rootkit)

## References

1. ["A way to detect the rootkits and exploits in CentOS/RHEL"](https://medium.com/logistimo-engineering-blog/a-way-to-detect-the-rootkits-and-exploits-in-centos-rhel-5b125a8d6a25). *medium.com*. October 29, 2018. Retrieved 2024-07-04.

2. ["Fedora Packages Search"](https://web.archive.org/web/20210819164658/https://apps.fedoraproject.org/packages/s/rkhunter). *apps.fedoraproject.org*. Archived from [the original](https://apps.fedoraproject.org/packages/s/rkhunter) on 2021-08-19. Retrieved 2020-05-27.

3. ["Debian -- Details of package rkhunter in sid"](https://packages.debian.org/sid/rkhunter). *packages.debian.org*.

4. [https://us.norton.com/blog/malware/website-spoofing](https://us.norton.com/blog/malware/website-spoofing)

## External links

- [Official website](https://rkhunter.sourceforge.net/)

- [Old rkhunter web page](https://web.archive.org/web/20130305191528/http://rootkit.nl/projects/rootkit_hunter.html)

---
Adapted from the Wikipedia article [Rkhunter](https://en.wikipedia.org/wiki/Rkhunter) by Wikipedia contributors ([contributor history](https://en.wikipedia.org/wiki/Rkhunter?action=history)). Available under [Creative Commons Attribution-ShareAlike 4.0 International](https://creativecommons.org/licenses/by-sa/4.0/). Changes may have been made.
