HowTo Install RkHunter


Rootkit scanner is scanning tool to ensure you’re clean of nasty tools.

This tool scans for rootkits, backdoors and local exploits by running tests like: MD5 hash compare, Look for default files used by rootkits, Wrong file permissions for binaries, Look for suspected strings in LKM and KLD modules, Look for hidden files, Optional scan within plaintext and binary files.

Current Version: 1.3.8 (November 17, 2010)
Website: Rootkit Hunter
Download: Rootkit Hunter – Browse /rkhunter at
– Most Linux and *BSD distributions
– Bourne Again Shell (BASH)
Checks for rootkits, backdoors, LKM’s and worms:
55808 Trojan – Variant A, ADM W0rm, AjaKit, aPa Kit, Apache Worm, Ambient (ark) Rootkit, Balaur Rootkit, BeastKit, beX2, BOBKit, CiNIK Worm (Slapper.B variant), Danny-Boy’s Abuse Kit, Devil RootKit, Dica, Dreams Rootkit, Duarawkz Rootkit, Flea Linux Rootkit, FreeBSD Rootkit, Fuck`it Rootkit, GasKit, Heroin LKM, HjC Rootkit, ignoKit, ImperalsS-FBRK, Irix Rootkit, Kitko, Knark, Li0n Worm, Lockit / LJK2, mod_rootme (Apache backdoor), MRK, Ni0 Rootkit, NSDAP (RootKit for SunOS), Optic Kit (Tux), Oz Rootkit, Portacelo, R3dstorm Toolkit, RH-Sharpe’s rootkit, RSHA’s rootkit, Scalper Worm, Shutdown, SHV4 Rootkit, SHV5 Rootkit, Sin Rootkit, Slapper, Sneakin Rootkit, Suckit, SunOS Rootkit, Superkit, TBD (Telnet BackDoor), TeLeKiT, T0rn Rootkit, Trojanit Kit, URK (Universal RootKit), VcKit, Volc Rootkit, X-Org SunOS Rootkit, zaRwT.KiT Rootkit and some known/unknown sniffers, backdoors like; Anti Anti-sniffer, LuCe LKM, THC Backdoor.
Tested on:
AIX 4.1.5 & 4.3.3, ALT Linux, Aurora Linux, CentOS 3.1 & 4.0, Conectiva Linux 6.0, Debian 3.x, FreeBSD 4.3 / 4.4 / 4.7 / 4.8 / 4.9 / 4.10, FreeBSD 5.0 / 5.1 / 5.2 / 5.2.1 / 5.3, Fedora Core 1 / Core 2 / Core 3, Gentoo 1.4, 2004.0, 2004.1, Macintosh OS 10.3.4-10.3.8, Mandrake 8.1 / 8.2 / 9.0-9.2 / 10.0 / 10.1, OpenBSD 3.4 & 3.5, Red Hat Linux 7.0-7.3 / 8 / 9, Red Hat Enterprise Linux 2.1 & 3.0, Slackware 9.0 / 9.1 / 10.0 / 10.1, SME 6.0, Solaris (SunOS), SuSE 7.3 / 8.0-8.2 / 9.0-9.2, Ubuntu, Yellow Dog Linux 3.0 & 3.01.
Confirmed to work on: CLFS, DaNix (Debian clone), PCLinuxOS, VectorLinux SOHO 3.2 & 4.0, CPUBuilders Linux, Virtuozzo (VPS)
Run Scan:

/usr/local/bin/rkhunter -c

Configure Daily Scan Report:

nano /etc/cron.daily/

Add the following code to file:

#!/bin/bash (/usr/local/bin/rkhunter -c --cronjob 2>&1 | mail -s "Daily Rkhunter Scan Report"

Set execute permission:

chmod +x /etc/cron.daily/

Updating rkhunter:

rkhunter --update


  1. Thank you for every other informative web site. The place else could I am getting that kind of information written in such an ideal manner? I have a project that I am simply now working on, and I have been on the look out for such information.


Please enter your comment!
Please enter your name here