The Rootkit Hunter project

Welcome to the Rootkit Hunter project site

Downloading and running Rootkit Hunter

To run Rootkit Hunter please install or upgrade to Rootkit Hunter version 1.3.8 and read the README.

If you have questions about what Rootkit Hunter reports, or if you encounter a runtime or configuration problems please first consult the Rootkit Hunter installation tutorial (if applicable), the Rootkit Hunter FAQ and the rkhunter-users mailing list archives.
If your question is not answered in the FAQ or the mailing list archives, please join (subscribe) the rkhunter-users mailing list and ask.
If you would like to be kept informed of updates we also have a (very) low volume rkhunter-announce mailing list.
If you would like to report a bug, downstream (package maintainer) changes or supply a patch: please use the Rootkit Hunter bug tracker. If unsure please first check on the rkhunter-users mailing list.

Rootkit Hunter announces release 1.3.8

The Rootkit Hunter project team is pleased to announce the release of version 1.3.8.
The change log lists 24 bug fixes, 29 changes and 18 new items. Naming a few:

Whitelist rootkit strings (RTKT_FILE_WHITELIST).
Whitelist items not always present (EXISTWHITELIST).
Whitelist combined pathname and port number (PORT_WHITELIST).
Added Whirlpool and Ripemd160 hashes to file properties check.
Support for DragonFly BSD.
Support for Solaris OS package management.
The 'suspicious files' check display each item individually.
The '--enable' and '--disable' command-line options may now be specified more than once.
Grsecurity-enabled systems may now run the network 'ports' test.
Allow test names for the 'unhide' command (UNHIDE_TESTS).
Rootkit checks added: OS X Togroot and Boonana (Koobface.A) trojan, Solaris Wanuk backdoor and worm and Inqtana worm.
Better support for *BSD commands and OS X.

For more details please see the CHANGELOG.
Rootkit Hunter release 1.3.8 obsoletes all previous releases. Please upgrade real soon now.

Acknowledgements

Thanks to John Horne and all contributors who made this release possible by providing code, submitting ideas, bugs, fixes, documentation, helping out on the rkhunter-users mailing list and promoting Rootkit Hunter. For more details please see the ACKNOWLEDGMENTS.

About the project

In 2006 the Rootkit Hunter initial developer M. Boelen handed over development. The current independent development team, comprising of two developers and a document manager, has been releasing Rootkit Hunter since version 1.2.9. The rkhunter [dot] sourceforge [dot] net website is the official home for the Rootkit Hunter project: there are no valid or compelling reasons for any publications to point to other websites, be it rootkit [dot] nl or otherwise.
* Potential developers should ponder the "make code, not words" mantra before applying.

This page was updated on 2010/11/17 for Rootkit Hunter release 1.3.8.