Bug 47781

Summary: Rootkit Hunter is a scanning tool to ensure you for about 99.9% you're clean of nasty tools.
Product: Gentoo Linux
Reporter: bintut <bintut>
Component: New packages
Assignee: solar (RETIRED) <solar>
Status: RESOLVED TEST-REQUEST
Severity: enhancement
CC: krispykringle
Priority: Highest
Keywords: EBUILD, InVCS
Version: unspecified
Hardware: All
OS: All
URL: http://www.rootkit.nl/projects/rootkit_hunter.html
Whiteboard:
Package list:
Runtime testing required: ---
Attachments: ebuild for rkhunter 1.0.9

Description bintut 2004-04-13 19:10:18 UTC
Rootkit Hunter is a scanning tool to ensure you for about 99.9% you're clean of nasty tools. This tool scans for rootkits, backdoors and local exploits by running tests like:

- MD5 hash compare
- Look for default files used by rootkits
- Wrong file permissions for binaries
- Look for suspected strings in LKM and KLD modules
- Look for hidden files
- Optional scan within plaintext and binary files

Rootkit Hunter is released as a GPL-licensed project and is free for everyone to use.

Comment 1 Martin Holzer (RETIRED) gentoo-dev 2004-04-27 09:16:40 UTC
chkrootkit, which is already in portage, also does this

feel free to write and submit an ebuild
http://www.gentoo.org/doc/en/gentoo-howto.xml

Comment 2 solar (RETIRED) gentoo-dev 2004-05-24 04:46:06 UTC
bintut,
Please attach an .ebuild or we will have to close this as NEEDINFO

Comment 3 Arno 2004-05-28 05:02:18 UTC
Created attachment 32200
ebuild for rkhunter 1.0.9

Added ebuild. Enjoy.

Comment 4 Martin Holzer (RETIRED) gentoo-dev 2004-05-28 07:08:47 UTC
*** Bug 52245 has been marked as a duplicate of this bug. ***

Comment 5 solar (RETIRED) gentoo-dev 2004-05-29 23:36:12 UTC
Arch maintainers, please test and add arch KEYWORDS for =app-admin/rkhunter-1.0.9

ACCEPT_KEYWORDS="~x86" emerge rkhunter
Example usage:
/usr/bin/rkhunter -c --skip-keypress

Comment 6 David Holm (RETIRED) gentoo-dev 2004-05-30 02:55:51 UTC
Added to ~ppc.

Comment 7 Bryan Østergaard (RETIRED) gentoo-dev 2004-05-30 05:03:55 UTC
Keyworded ~alpha.

Comment 8 Danny van Dyk (RETIRED) gentoo-dev 2004-05-30 05:15:48 UTC
Marked ~amd64.

Comment 9 Jason Wever (RETIRED) gentoo-dev 2004-05-30 19:44:35 UTC
Added ~sparc keyword.