The Rootkit Hunter project

Welcome to the Rootkit Hunter project site

Downloading and running Rootkit Hunter 

To run Rootkit Hunter please install or upgrade to Rootkit Hunter version 1.3.6 and read the README.

• If you have questions about what Rootkit Hunter reports, or if you encounter a runtime or configuration problems please first consult the Rootkit Hunter installation tutorial (if applicable), the Rootkit Hunter FAQ and the rkhunter-users mailing list archives.
• If your question is not answered in the FAQ or the mailing list archives, please join (subscribe) the rkhunter-users mailing list and ask.
• If you would like to be kept informed of updates we also have a (very) low volume rkhunter-announce mailing list.
• If you would like to report a bug, downstream (package maintainer) changes or supply a patch: please use the Rootkit Hunter bug tracker. If unsure please first check on the rkhunter-users mailing list.

Rootkit Hunter announces release 1.3.6

The Rootkit Hunter project is pleased to announce the release of version 1.3.6

The change log lists 29 additions including 9 configuration options and details for 12 rootkits, 29 changes including improvements for 15 rootkit checks and 22 bugfixes. Naming a few:

• New IGNORE_PRELINK_DEP_ERR configuration option in case of persistent prelink dependency errors.
• New USER_FILEPROP_FILES_DIRS configuration option to add files and directories to the file properties check.
• New COPY_LOG_ON_ERROR configuration option to copy the log file if any errors or warnings have occurred.
• New WEBCMD configuration option to specify the command used to download data file updates from the Internet.
• Rkhunter will look for configuration options in the main configuration file, and then in the local configuration file if it exists.
• New SHARED_LIB_WHITELIST configuration option for whitelisting preloaded shared libraries.
• New WARN_ON_OS_CHANGE configuration option. If unset then no warnings will be shown.
• New UPDT_ON_OS_CHANGE configuration option. If set and the O/S has changed then rkhunter will automatically update properties ('rkhunter –propupd').
• Added support for hash functions SHA224, SHA256, SHA384 and SHA512 using CPAN perl modules Digest-SHA-PurePerl or SHA256.
• New UPDATE_LANG configuration option.
• New ALLOWPROMISCIF configuration option.
• New PKGMGR_NO_VRFY configuration option for fine-grained package manager verification process control.
• Rootkit checks added: Adore Rootkit (aka strings.o aka Dextenea) cb, CX, Fu, iLLogiC, ld-linuxv.so.1, 'Spanish', trNkit, Xzibit, ZK.
• Updated rootkit / malware checks: Ambient (ark), beX2, BOBkit, Dica-kit, Dreams, Enye LKM, evil strings test, Fleakit, FreeBSD, Phalanx2, SHV4, Universal (URK).

For more details please see the CHANGELOG.
Rootkit Hunter release 1.3.6 obsoletes all previous releases. Please upgrade real soon now.

Acknowledgements 

Thanks to John Horne and all contributors who made this release possible by providing code, submitting ideas, bugs, fixes, documentation, helping out on the rkhunter-users mailing list and promoting Rootkit Hunter. For more details please see the ACKNOWLEDGMENTS.

About the project 

In 2006 the Rootkit Hunter initial developer M. Boelen handed over development. The current independent development team, comprising of two developers and a document manager, has been releasing Rootkit Hunter since version 1.2.9. The rkhunter [dot] sourceforge [dot] net website is the official home for the Rootkit Hunter project: there are no valid or compelling reasons for any publications to point to other websites, be it rootkit [dot] nl or otherwise.
* Potential developers should ponder the "make code, not words" mantra before applying.