Rkhunter

rkhunter
rkhunter
	rkhunter on Linux
Initial release	2006;19 years ago
Stable release	1.4.6 / 20 February 2018;7 years ago
Repository	git.code.sf.net/p/rkhunter/rkh_code ;
Written in	Bourne shell, Perl
Operating system	Unix-like
Type	rootkit detector
License	GNU General Public License
Website	sourceforge.net/projects/rkhunter/

Last updated November 10, 2025

rkhunter (Rootkit Hunter) is a Unix-based tool that scans for rootkits, backdoors and possible local exploits.^[1] It does this by comparing SHA-1 hashes of important files with known good ones in online databases, searching for default directories (of rootkits), wrong permissions, hidden files, suspicious strings in kernel modules, and special tests for Linux and FreeBSD. rkhunter is notable due to its inclusion in popular operating systems (Fedora,^[2] Debian,^[3] etc.)

Development

In 2003, developer Michael Boelen released the version of Rootkit Hunter. After several years of development, early 2006, he agreed to hand over development to a development team. Since that time eight people have been working to set up the project properly and work towards the much-needed maintenance release. The project has since been moved to SourceForge.

As of May 2025 there has not been an official software release for 7 years. However, recent changes have seen the setting up of new but incomplete website at https://www.rkhunter.dev and a lot of late 2024 development code being committed https://github.com/Rootkit-Hunter/rkhunter/commits/develop/

Both the GitHub and the SourceForge web resources seem to be sponsored by 'dogsbody' while code work seems to be being carried out by John Horne. This appears to be 'work-in-progress' but caution for Website spoofing and similar should always be exercised.^[4]

References

↑ "A way to detect the rootkits and exploits in CentOS/RHEL". medium.com. October 29, 2018. Retrieved 2024-07-04.
↑ "Fedora Packages Search". apps.fedoraproject.org. Archived from the original on 2021-08-19. Retrieved 2020-05-27.
↑ "Debian -- Details of package rkhunter in sid". packages.debian.org.
↑ https://us.norton.com/blog/malware/website-spoofing

External links

This Unix-related article is a stub. You can help Wikipedia by expanding it.

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.

[1] "A way to detect the rootkits and exploits in CentOS/RHEL". medium.com. October 29, 2018. Retrieved 2024-07-04.

[2] "Fedora Packages Search". apps.fedoraproject.org. Archived from the original on 2021-08-19. Retrieved 2020-05-27.

[3] "Debian -- Details of package rkhunter in sid". packages.debian.org.

[4] ttps://us.norton.com/blog/malware/website-spoofing

[1]

[2]

[3]

[4]

Rkhunter

Contents

Development

See also

References

External links

rkhunter
rkhunter on Linux
Initial release	2006;19 years ago (2006)

Stable release	1.4.6 / 20 February 2018;7 years ago (2018-02-20)

Repository	git.code.sf.net/p/rkhunter/rkh_code
Written in	Bourne shell, Perl
Operating system	Unix-like
Type	rootkit detector
License	GNU General Public License
Website	sourceforge.net/projects/rkhunter/