Rootkit cleaner

Revision as of 20:04, 7 June 2014 by WikiFreak

Rootkits let a remote person take control of your server. That's really bad! You have to protect yourself against these attacks.


Required programs

apt-get install rkhunter unhide


Search for RootKits

You can scan your computer for rootkits with rkhunter:

rkhunter -c


Update RootKit definitions

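# Record the current file properties as the baseline (run only on a system you trust to be clean)
rkhunter --propupd
# Check for and download updated rkhunter data files
rkhunter --update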


RootKit hunter [rkhunter] configuration

You can configure rkhunter by editing its configuration file:

vim /etc/rkhunter.conf


To suppress the “Warning : the modules files ‘/proc/modules’ is missing” message, you need to add a skipped test (line 246):

DISABLE_TESTS="suspscan hidden_procs deleted_files packet_cap_apps apps os_specific"


Depending on your specific configuration, you need to adjust some specific folders (line 438):

ALLOWHIDDENDIR=/dev/.udev
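
A disabled test group no longer reports anything, so an alternative is to leave the tests on and filter the known warnings when reviewing the log after "rkhunter -c". The script below is an added example, not part of the original page; it assumes log lines of the form "[HH:MM:SS] Warning: message" (default log assumed to be /var/log/rkhunter.log), and the sample log, the EXPECTED list and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: triage the warnings in an rkhunter log.
# Assumption: each warning starts a line as "[HH:MM:SS] Warning: <message>".
# Indented continuation lines of a multi-line warning are not handled here.

# Constructed sample log (not real rkhunter output).
sample_log() {
cat <<'EOF'
[20:04:01] Info: Starting test name 'hidden_file'
[20:04:02] Warning: Hidden directory found: /dev/.udev
[20:04:03] Warning: The kernel modules file '/proc/modules' is missing.
[20:04:04] Warning: The file properties have changed:
[20:04:05] Info: End of run
EOF
}

# Warnings this host is expected to raise: extended regular expressions,
# one per line. Hypothetical allowlist covering the two cases on this page.
EXPECTED='Hidden directory found: /dev/\.udev$
/proc/modules'

# Print every warning message with the "[time] Warning:" prefix removed.
# Reads the files given as arguments, or standard input if there are none.
rkh_warnings() {
    sed -n 's/^\[[0-9:]*] Warning: *//p' "$@"
}

# Print only the warnings that match none of the expected patterns.
# "|| true" keeps the exit status at 0 when nothing unexpected is left.
rkh_unexpected() {
    rkh_warnings "$@" | grep -Ev -e "$EXPECTED" || true
}

# Usage on a real system (path is an assumption):
#   rkh_unexpected /var/log/rkhunter.log
```
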