  1. #1

    RootkitHunter & chkrootkit: are they still useful to use?

    http://rkhunter.sourceforge.net/
    http://freecode.com/projects/chkrootkit

    Is either of these two programs worth running any longer? I have them set up as daily scripts on most of my servers, and have for years. However, with rootkits changing rapidly and neither of these programs having been updated in the recent past, I am wondering if I shouldn't just delete them from the servers, as they don't properly protect from the latest rootkits. What's your opinion on them?

  2. #2
    I'm honestly not sure how often the DBs are maintained, but their last release was in May 2012. I personally would keep it around. I doubt it'll hurt anything. There are other tools like ClamAV, maldet, cXs, and some others that, while not officially a "rootkit scanner", do aid in identifying possible rootkits. These are just some other options to consider. The Rack911 InfoSec guys may be able to elaborate more on the effectiveness of rkhunter & chkrootkit, or some other solution, but I wouldn't use either by themselves as a foundation for maintaining integrity.
    | John Edel Jetfire Networks L.L.C. Trusted Hosting Solutions

  3. #3
    They are useful; however, honestly, as mentioned above, ClamAV and maldet can take the stage. A little vigilance, a keen eye, and grep can go a long way as well.

  4. #4
    Yup, you can still use them. It is good to check things with the available tools first, and it can reduce your efforts if they can identify the rootkits. If you strongly doubt there is something suspicious rather than a regular check, of course use other tools as well and don't rely on the results of any one or two tools.

  5. We don't use them on our newer servers; older ones are still running a cron. Won't hurt.

  6. #6
    I'd suggest keeping it.

    Like others have said, won't do any harm in keeping it.

    Although, I'd also suggest running ClamAV, and tools such as tripwire, which can detect the slightest change on the filesystem if you keep it maintained and configured correctly, so you'll know if you have an intrusion and what they changed within 24 hours, basically.

  7. #7
    I suggest CXS, it is great.

  8. #8
    Quote: Originally posted by jfnllc
    I'm honestly not sure how often the DBs are maintained, but their last release was in May 2012. I personally would keep it around. I doubt it'll hurt anything. There are other tools like ClamAV, maldet, cXs, and some others that, while not officially a "rootkit scanner", do aid in identifying possible rootkits. These are just some other options to consider. The Rack911 InfoSec guys may be able to elaborate more on the effectiveness of rkhunter & chkrootkit, or some other solution, but I wouldn't use either by themselves as a foundation for maintaining integrity.
    A good example of what neither of them 'detect' are backdoored sshd binaries.
    Steven Ciaburri | Industry's Best Server Management - Rack911.com
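
The baseline-and-compare approach that post #6 attributes to tripwire, applied to the kind of replaced binary post #8 mentions, as an added example that is not from any poster in this thread and is not tripwire's own code. The function names are hypothetical, and GNU coreutils `sha256sum` is assumed.

```shell
#!/bin/sh
# Added example: minimal baseline-and-compare file integrity check.
# fim_baseline DIR MANIFEST  records the SHA-256 of every regular file under DIR.
# fim_check    DIR MANIFEST  prints CHANGED/NEW/MISSING lines, returns 1 if any.
# Function names are hypothetical; assumes GNU coreutils sha256sum.

fim_hash_tree() {
    # One "hash  ./relative/path" line per file, sorted by path.
    ( cd "$1" && find . -type f -exec sha256sum {} + | sort -k 2 )
}

fim_baseline() {
    fim_hash_tree "$1" > "$2"
}

fim_check() {
    dir=$1
    manifest=$2
    current=$(mktemp) || return 2
    fim_hash_tree "$dir" > "$current"
    # First file is the stored baseline, second file is the current state.
    report=$(awk '
        { p = substr($0, 67) }   # path starts after 64 hex chars + 2 separators
        FILENAME == ARGV[1] { base[p] = $1; next }
        { seen[p] = 1
          if (!(p in base)) print "NEW " p
          else if (base[p] != $1) print "CHANGED " p }
        END { for (q in base) if (!(q in seen)) print "MISSING " q }
    ' "$manifest" "$current")
    rm -f "$current"
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# When run as a script: fim.sh baseline|check DIR MANIFEST
case "${1:-}" in
    baseline) fim_baseline "$2" "$3" ;;
    check)    fim_check "$2" "$3" ;;
esac
```

The comparison is only as trustworthy as the baseline: take it from a known-clean install and keep the manifest off the server or on read-only media, since anyone who can replace a binary can also rewrite a manifest stored next to it.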
