man rkhunter (System administration) - run a system check for rootkits or other malware

NAME

rkhunter - run a system check for rootkits or other malware

SYNOPSIS

rkhunter [-c|--checkall] [--createlogfile] [--cronjob] [--disable-md5-check] [--nocolors] [--versioncheck]

DESCRIPTION

rkhunter is an easy-to-use tool which checks machines running UNIX, Linux, BSD and other clones, for the presence of rootkits and/or other unwanted tools. rkhunter can be run as a cronjob, or from the command line when needed. A Bash Shell or Korn Shell is required. If available, Perl modules will be used to replace some default system commands.

The following system areas may be checked:

-MD5 hash comparisons

-Default files commonly used by rootkits

-Incorrect file placement (moved binaries)

-Search for suspect strings in LKM and KLD modules

-Hidden files

-Optional scan within plaintext and binary files

-Search for old versions of software packages

OPTIONS

--allow-ssh-root-user Allow SSH `root` user, while checking the SSH configuration file. This is a useful option when you use public key authentication instead of keyboard authentication.
--checkall (or -c) rkhunter performs a full check of the system, printing out the results of each test to stdout.
--configfile <file> Use another configuration file, instead of the default one
--createlogfile Create a plain text file summarizing rkhunter's findings. Default file is /var/log/rkhunter.log.
--cronjob Use this option if you wish to run rkhunter from a cron-job rather than the commandline. Removes colored layout.
--dbdir Uses another directory for the databases (instead of the default path)
--disable-md5-check Skip checking MD5 hashes. Used on systems with custom tools or binaries that would throw off this test.
--help Show help / usage information
--nocolors Skip colorized output
--quick Skips some tests (less accurate)
--reportmode Hide all information which is not interesting for cronjobs and non-interactive scans (like hiding header/footer)
--rootdir Changes the default root directory, for chroot environments.
--tmpdir Changes the default directory for temporary storage
--skip-keypress Make rkhunter non-interactive
--versioncheck Consults the rkhunter website to determine if a newer version is available for download. Uses wget. The latest version can be found at http://www.rootkit.nl.

Multiple parameters are allowed. Some parameters can only be used with others. When running Rootkit Hunter without any parameters, the most recent help will be shown.
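
An added example (not part of rkhunter or of this manual page): a cron wrapper that runs a full check with the options documented above and reports only when the output differs from the previous run. The RKHUNTER and REPORT_DIR variables, the report directory path and the script name are assumptions, as is report output that stays identical between runs on an unchanged system.

```shell
#!/bin/sh
# Added example: cron wrapper for rkhunter; not part of the rkhunter distribution.
# Assumptions: REPORT_DIR location, the RKHUNTER override variable, and report
# output that stays identical between runs on an unchanged system.
RKHUNTER="${RKHUNTER:-rkhunter}"
REPORT_DIR="${REPORT_DIR:-/var/lib/rkhunter-reports}"  # hypothetical path

# Run a full, non-interactive check and write the report to file $1.
# Only options documented in the OPTIONS section are used.
run_scan() {
    "$RKHUNTER" --checkall --cronjob --reportmode --skip-keypress \
        --createlogfile > "$1" 2>&1
}

# Succeeds only if a previous report ($1) exists and equals the new one ($2).
report_unchanged() {
    [ -f "$1" ] && cmp -s "$1" "$2"
}

# Scan, compare with the last stored report, print the difference on change.
# Returns 0 = unchanged, 1 = changed or first run, 2 = scan could not start.
scan_and_compare() {
    command -v "$RKHUNTER" >/dev/null 2>&1 || return 2
    mkdir -p "$REPORT_DIR" && chmod 700 "$REPORT_DIR" || return 2
    last="$REPORT_DIR/last.txt"
    new="$REPORT_DIR/new.$$"
    # Exit status is ignored: its meaning is not documented on this page.
    run_scan "$new" || :
    if report_unchanged "$last" "$new"; then
        rm -f "$new"
        return 0
    fi
    # cron normally mails whatever a job prints to the job owner.
    echo "rkhunter report changed on $(uname -n):"
    if [ -f "$last" ]; then
        diff "$last" "$new" || :
    else
        cat "$new"
    fi
    mv -f "$new" "$last"
    return 1
}

# Entry point for cron (hypothetical script name):
#   30 3 * * * /usr/local/sbin/rkhunter-cron.sh --run
if [ "${1:-}" = "--run" ]; then
    scan_and_compare
    exit $?
fi
```

The first run has no baseline, so it prints the whole report and returns 1; review that report before treating later runs as comparisons against a known-good state.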

LICENSING

Rootkit Hunter is licensed under the GPL and under development by Michael Boelen (and testers..)

CONTACT INFORMATION

You may direct questions and comments to http://www.rootkit.nl/contact/