Search For Rootkits With Rootkit Hunter On Linux Systems
Learn to use Rootkit Hunter to detect malware on your Linux system.
Until fairly recently, chkrootkit was the standard tool for detecting malware on Linux systems. However, a newer tool with more tests and a friendlier interface is now available: Rootkit Hunter (rkhunter).
This tool is available for download from the rootkit Web site. Installation is extremely straightforward, because rkhunter consists only of Perl and shell scripts. After you've downloaded and unpacked the latest version, simply run the installer.sh script to install the program.
In its most basic form, rkhunter scans your system for any signs of malware. In addition, it performs other checks on your system, such as comparing the passwd and group files against cached copies to detect changes, checking the sshd_config file to see whether root logins are permitted, and so forth.
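The two configuration checks described above, sketched as an added example (not rkhunter's own code and not part of the original article): one reads the PermitRootLogin setting from an sshd_config file, the other compares a passwd or group file with a cached copy. The function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added illustration, not rkhunter's code: simplified versions of two checks
# the article mentions. All sample data below is constructed.

# Print the PermitRootLogin value set in the global part of an sshd_config
# file ($1), or "unset". sshd uses the first value it reads for a keyword.
# Assumes the whitespace-separated "Keyword value" form.
root_login_setting() {
    awk '
        $1 ~ /^#/ { next }                   # skip comment lines
        tolower($1) == "match" { exit }      # Match blocks are conditional
        tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

# Succeed (exit 0) unless root login is explicitly set to "no".
root_login_permitted() {
    [ "$(root_login_setting "$1")" != "no" ]
}

# Compare a cached copy ($1) with the current passwd or group file ($2) and
# print "added NAME", "changed NAME" or "removed NAME" for each difference.
account_changes() {
    awk -F: '
        NR == FNR { old[$1] = $0; next }     # first file: cached copy
        { seen[$1] = 1 }
        !($1 in old) { print "added " $1; next }
        old[$1] != $0 { print "changed " $1 }
        END { for (n in old) if (!(n in seen)) print "removed " n }
    ' "$1" "$2"
}

# Write constructed sample files into directory $1.
make_samples() {
    printf '%s\n' '# constructed sample' 'Port 22' 'PermitRootLogin yes' \
        'PermitRootLogin no' > "$1/sshd_config"
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
        'alice:x:1000:1000::/home/alice:/bin/bash' > "$1/passwd.cached"
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
        'alice:x:0:0::/home/alice:/bin/bash' \
        'svc:x:0:0::/tmp:/bin/sh' > "$1/passwd"
}

dir=$(mktemp -d)
make_samples "$dir"
root_login_permitted "$dir/sshd_config" && echo "Warning: root login over SSH is not disabled"
account_changes "$dir/passwd.cached" "$dir/passwd"
rm -rf "$dir"
```

When the setting is reported as "unset", sshd falls back to its compiled-in default, which differs between OpenSSH versions, so the sketch treats anything other than an explicit "no" as a finding.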
Every version adds checks for new malware, so keeping up with rkhunter releases is important. Be sure to regularly check the rootkit Web site.
