A rootkit is a set of software that takes control of a computer system. In this type of attack, the system user does not notice the presence of the rootkit, and the attacker is able to change all computer settings. Rkhunter, or Rootkit Hunter, is a Unix tool that scans for rootkits, backdoors, and other possible signs of compromise. In this article, we will teach you how to install and use Rkhunter on Kali Linux. If you want to purchase a Linux VPS server, you can check out the packages offered on the Eldernode website.
Tutorial: Install and Use Rkhunter on Kali Linux
What is Rkhunter?
Rkhunter, also known as Rootkit Hunter, is an open-source Unix-based scanning tool that scans for hidden files, suspicious strings in kernel modules, and possible local exploits such as backdoors, rootkits, and email injection. It does this by comparing SHA-1 hashes of important files with those of known good files in an online database. A rootkit uses a series of tools to establish backdoors and conceal tracks, allowing an attacker to maintain access to the system and log in as root at any time.
In the rest of this article from the Kali Linux training series, we show you how to install Rkhunter on Kali Linux.
Installing Rkhunter on Kali Linux
In this step, we are going to show you how to install Rkhunter on Kali Linux. To do this, just follow the steps below and run the commands.
Before doing anything, update your system packages using the following command:
sudo apt update
Now you can install Rkhunter by running the following command:
sudo apt install rkhunter
How to Use Rkhunter on Kali Linux
In this section, you will learn the configuration of Rkhunter on Kali Linux. Simply run the following commands and follow the instructions.
First, run the following command to see if your computer has been infected with a rootkit or not:
You can use the following command to discover unknown errors:
rkhunter -c --scan-knownbad-files
The Rkhunter help command is as follows:
Uninstalling Rkhunter on Kali Linux
If you want to uninstall rkhunter, just run the following command:
apt-get -y autoremove rkhunter
You can remove rkhunter configurations and all of its dependencies using the following command:
apt-get -y autoremove --purge rkhunter
Rkhunter checks for suspicious strings in kernel modules, files commonly created by rootkits, hidden files in system directories, SHA256 hash changes, and executables with anomalous file permissions.
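The hash and permission checks listed above follow a baseline-and-compare pattern. The script below is an added illustration of that pattern, not rkhunter's own code; the function names, database format, and sample files are assumptions made for the example, and it expects GNU sha256sum and stat as found on Kali Linux.

```shell
#!/bin/sh
# Added illustration, not rkhunter's own code: record a known-good baseline
# of file properties, then report files whose hash, mode or owner changed.

# baseline FILE...: print "sha256 mode uid:gid path" for each regular file.
baseline() {
    for f in "$@"; do
        [ -f "$f" ] || continue
        printf '%s %s %s %s\n' \
            "$(sha256sum "$f" | cut -d' ' -f1)" \
            "$(stat -c '%a' "$f")" "$(stat -c '%u:%g' "$f")" "$f"
    done
}

# check DBFILE: compare the current state with the baseline, print one
# "Warning:" line per difference, and return 1 if anything differed.
check() {
    changed=0
    while read -r old_hash old_mode old_owner path; do
        if [ ! -f "$path" ]; then
            echo "Warning: $path is missing"; changed=1; continue
        fi
        new_hash=$(sha256sum "$path" | cut -d' ' -f1)
        new_mode=$(stat -c '%a' "$path")
        new_owner=$(stat -c '%u:%g' "$path")
        [ "$new_hash" = "$old_hash" ] ||
            { echo "Warning: $path hash changed"; changed=1; }
        [ "$new_mode" = "$old_mode" ] ||
            { echo "Warning: $path mode $old_mode -> $new_mode"; changed=1; }
        [ "$new_owner" = "$old_owner" ] ||
            { echo "Warning: $path owner $old_owner -> $new_owner"; changed=1; }
    done < "$1"
    return "$changed"
}

# demo: constructed sample files in a temporary directory (no system files).
demo() {
    dir=$(mktemp -d) || return 1
    printf 'original\n' > "$dir/tool_a"; chmod 755 "$dir/tool_a"
    printf 'original\n' > "$dir/tool_b"; chmod 755 "$dir/tool_b"
    baseline "$dir/tool_a" "$dir/tool_b" > "$dir/props.db"
    printf 'tampered\n' > "$dir/tool_a"   # content change: hash differs
    chmod 777 "$dir/tool_b"               # made world-writable: mode differs
    rc=0; check "$dir/props.db" || rc=$?
    rm -rf "$dir"
    return "$rc"
}

if [ "${1:-}" = "demo" ]; then demo; fi
```

Run it with the argument demo to see the two warnings. A baseline is only trustworthy if it is recorded while the system is known to be clean and stored where an intruder cannot rewrite it.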
Yes, Rkhunter does not guarantee that a system is not compromised. You can run additional tests such as chkrootkit.
You can remove malware to some degree by implementing Rkhunter.
Rkhunter examines hidden and visible files, kernel modules, default directories, and mishandled permissions. It is a Linux security program under the GPL for scanning for rootkits and vulnerabilities. In this article, we taught you how to install and use Rkhunter on Kali Linux. I hope this tutorial was useful and that you enjoyed it. If you have any questions, you can contact us in the Comments.