• Subscribe to the low volume list for updates.

rkhunter & chkrootkit: wise crackers only

A good summary of the two top root kit hunters for linux hosts.

Rkhunter and chkrootkit are tools to check for signs of a rootkit. They will inspect the system they’re running on and report anomalies either through the shell or via email.

Although an attacker able to install a rootkit is likely also able to easily escape or delete these tools, not every attacker is a skilful one. Not every script kiddie knows about these tools or the way to cover its tracks. Since every single error can make the difference, on either sides, an effortless passive protection can do no harm and adds one more (maybe thin) layer of security.

Both rkhunter and chkrootkit, indeed, can be deployed quickly and require little management effort.