Rootkit cleaner

Revision as of 20:06, 7 June 2014 by WikiFreak

Rootkits enable a remote person to take control of your server. That's really bad! You have to protect yourself against these attacks.


Required programs

apt-get install rkhunter unhide


Update RootKit definitions

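# Record the current file properties as the baseline used by later scans
# (run this only on a system you know to be clean)
rkhunter --propupd
# Check for updated rkhunter data files
rkhunter --update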


Search for RootKits

You can scan your computer for rootkits with rkhunter:

rkhunter -c


RootKit hunter [rkhunter] configuration

You can configure rkhunter by editing its configuration file:

vim /etc/rkhunter.conf


To suppress the “Warning : the modules files ‘/proc/modules’ is missing” message, add a test to the skip list on line 246:

DISABLE_TESTS="suspscan hidden_procs deleted_files packet_cap_apps apps os_specific"


Depending on your configuration, you need to adjust some specific folders on line 438:

ALLOWHIDDENDIR=/dev/.udev
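
Every test added to DISABLE_TESTS and every ALLOWHIDDENDIR entry narrows what rkhunter -c checks, so it helps to review them after editing. The script below is an added example, not part of the original page or of rkhunter: its function names and the sample config (including a deliberately mistyped lower-case option name and the path /dev/.example) are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page: audit the rkhunter.conf
# settings edited above. Function names and sample data are constructed.

# Print every value of option $2 in config file $1, one per line.
conf_values() {
    awk -v opt="$2" '
        /^[ \t]*#/ { next }                  # skip comment lines
        {
            eq = index($0, "=")
            if (eq == 0) next
            name = substr($0, 1, eq - 1)
            gsub(/[ \t]/, "", name)
            if (name != opt) next
            val = substr($0, eq + 1)
            gsub(/"/, "", val)               # drop surrounding quotes
            n = split(val, parts, " ")       # split on runs of whitespace
            for (i = 1; i <= n; i++) print parts[i]
        }' "$1" | sort -u
}

# Print option names containing lower-case letters; rkhunter option names
# are upper case, so such a line is not read as the intended option.
miscased_options() {
    awk '/^[ \t]*#/ || !/=/ { next }
         { name = substr($0, 1, index($0, "=") - 1); gsub(/[ \t]/, "", name)
           if (name ~ /[a-z]/) print name }' "$1"
}

# Summarise reduced scan coverage; non-zero exit if an option is miscased.
audit_rkhunter_conf() {
    echo "Disabled tests:"
    conf_values "$1" DISABLE_TESTS | sed 's/^/  /'
    echo "Allowed hidden directories:"
    conf_values "$1" ALLOWHIDDENDIR | sed 's/^/  /'
    bad=$(miscased_options "$1")
    [ -z "$bad" ] || { echo "Not upper case: $bad"; return 1; }
}

# Constructed sample: the DISABLE_TESTS line from this page, one whitelist
# entry, and a mistyped lower-case option name.
write_sample_conf() {
    cat > "$1" <<'EOF'
# constructed sample, not a full rkhunter.conf
DISABLE_TESTS="suspscan hidden_procs deleted_files packet_cap_apps apps os_specific"
ALLOWHIDDENDIR=/dev/.udev
allowhiddendir=/dev/.example
EOF
}

# Audit the file given as the first argument, if any.
if [ -n "${1:-}" ]; then audit_rkhunter_conf "$1"; fi
```

Run it as `sh audit.sh /etc/rkhunter.conf` (the file name audit.sh is arbitrary) and review each listed test and directory against what the host actually needs skipped.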