Last updated: 2017-09-26


rkhunter - Rootkit Hunter


apt-get install rkhunter

Check Version

rkhunter -V

Rootkit Hunter 1.4.2


rkhunter --update

rkhunter --checkall

Checking binaries

  • /bin/*
  • /sbin/*
  • /usr/bin/*
  • /usr/sbin/*

Configuration File



-C, --config-check

Usage

--update         # to check if there is a later version of any of its text data files.

[ Rootkit Hunter version 1.4.2 ]

Checking rkhunter data files...
  Checking file mirrors.dat                                  [ No update ]
  Checking file programs_bad.dat                             [ No update ]
  Checking file backdoorports.dat                            [ No update ]
  Checking file suspscan.dat                                 [ No update ]

-c, --check      # tells rkhunter to perform various checks


System checks summary

File properties checks...
    Required commands check failed
    Files checked: 131
    Suspect files: 4

Rootkit checks...
    Rootkits checked : 378
    Possible rootkits: 0

Applications checks...
    All checks skipped

The system checks took: 1 minute and 20 seconds

All results have been written to the log file: /var/log/rkhunter/rkhunter.log

One or more warnings have been found while checking the system.
Please check the log file (/var/log/rkhunter/rkhunter.log)

log file





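  • Compares the output of the ps program with the /proc filesystem and reports the differences
  • Compares the output of the netstat program with /proc and reports the differences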


unhide-linux26 proc
unhide-linux26 sys
unhide-linux26 brute
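
The ps versus /proc comparison listed above can be reproduced by hand. The script below is an added example, not part of the original notes and not unhide's own code; the function names and the --scan switch are hypothetical. It takes a ps snapshot before and after reading /proc so that processes starting or exiting during the scan are not reported.

```shell
#!/bin/sh
# Added example: compare PIDs visible in /proc with PIDs reported by ps.
# Usage: sh crossview.sh --scan   (script name is hypothetical)

# Print the numeric directory names under a proc-style directory.
pids_in_proc() {
    for d in "$1"/[0-9]*; do
        [ -d "$d" ] || continue
        name=${d##*/}
        case $name in
            *[!0-9]*) ;;                 # not a pure PID, skip
            *) echo "$name" ;;
        esac
    done
}

# hidden_pids PROCDIR PROCS BEFORE AFTER
# Print PIDs listed in PROCS that appear in neither ps snapshot and still
# exist under PROCDIR. Two ps snapshots plus the re-check filter out
# processes that merely started or exited while the scan was running.
hidden_pids() {
    awk 'phase != 2 { seen[$1] = 1; next } !($1 in seen)' \
        "$3" "$4" phase=2 "$2" |
    while read -r pid; do
        if [ -d "$1/$pid" ]; then echo "$pid"; fi
    done
}

# Take the snapshots on the live system and report the result.
scan_live() {
    tmp=$(mktemp -d) || return 1
    ps -e -o pid= | tr -d ' ' > "$tmp/before"
    pids_in_proc /proc > "$tmp/procs"
    ps -e -o pid= | tr -d ' ' > "$tmp/after"
    found=$(hidden_pids /proc "$tmp/procs" "$tmp/before" "$tmp/after")
    rm -rf "$tmp"
    if [ -n "$found" ]; then
        echo "PIDs in /proc but not in ps output:"; echo "$found"
        return 1
    fi
    echo "ps and /proc agree"
}

if [ "${1:-}" = "--scan" ]; then scan_live; fi
```

A PID reported here should be examined through /proc/<pid>/exe and /proc/<pid>/cmdline, and the ps binary checked against the package manager's checksums.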