-
Rootkit hunter ...
Sorry if this has been posted somewhere before, I did a quick search but didn't see it anywhere.
I found this nice little tool that searches your *nix system for the possibility of a rootkit infection. It is similar to chkrootkit but it doesn't seem to throw up the false positives that chkrootkit does.
Rootkit Hunter is very easy to install and has a nice interactive run feature on the command line. While no tool is perfect, it will scan the system for many of the common rootkits.
Just another one to drop into your *nix arsenal :)
For more info, here is the official site:
rkhunter - http://www.rootkit.nl
... and a bit of a story about it at NewsForge can be found here
-
I just installed it and tested it on an unsecured test box. The results are hardcore. An excellent tool. Apart from just looking for rootkits, it also scans for unsafe settings within some services. I tested it on an unpatched SUSE 7.3 box... it found all the OpenSSL weaknesses as well as diverse warnings for SSH protocol 1 and also bitched at me for some unsafe settings in /etc/ssh/sshd_config.
Very cool find Phat_Penguin
Cheers ;)