Let’s Use rkhunter To Look For Rootkits

In this article, we’ll go hunting for rootkits with a tool known as ‘rkhunter’. It’s relatively easy to use, and this article will show you how. Don’t worry, it’s not all that complicated. You can do it.

So, what is a rootkit? For the purposes of this exercise, a rootkit is malware that hides its own presence while keeping privileged access to the system. In other words, it’s the kit that lets an unauthorized person keep using the system with root privileges without being noticed. The word ‘malware’ refers to software that would do you or your system harm.

A rootkit is one of many types of malware, like viruses and trojans, and Linux isn’t entirely immune to such. If you give an application privileges, it can and will use those privileges. That’s true for software you want and software you don’t want.

Malware exists for Linux! Know what you’re installing before you install it, and get your software from legitimate sources! Linux has some security advantages, and your actions can easily nullify those advantages. If you give something the permissions necessary to make it executable, it can be executed – even if it’s malware.

The rkhunter application is a tool that checks your system for known rootkits and some related signs of compromise. It doesn’t remove anything; it only helps you identify what needs a closer look.

If you’re curious, rkhunter describes itself as:

rkhunter is a shell script which carries out various checks on the local system to try and detect known rootkits and malware. It also performs checks to see if commands have been modified, if the system startup files have been modified, and various checks on the network interfaces, including checks for listening applications.

Let’s put it to use!

Hunt Rootkits With ‘rkhunter’:

In order to use rkhunter, you have to install it. It’s probably in your default repos, ready for your package manager to install. If not, you can grab a copy from the project’s own repository and build it. Those using Debian or the likes can install it straight from apt; the package is simply called ‘rkhunter’.

Adjust that for your distro’s package manager to see if it’s available. If it’s a mainstream distro, it probably is. Once installed, run rkhunter’s check as root.

This command (there are others, check man rkhunter) is interactive by default: you need to sit there and press ENTER between groups of checks. It’s quick, and watching it means you’ll see each warning as it appears.

Once it has finished running, it will summarize any warnings. A warning doesn’t necessarily mean an infection! rkhunter compares system commands against the file properties it recorded on its last baseline, so a routine package update will make the updated commands show up as warnings until you refresh that baseline on a system you trust.

After checking the warnings, open the log for the details; on Debian-based systems it’s /var/log/rkhunter.log by default. Read the log every time, as that’s where most of the output is stored.

Now it’s up to you. You need to process that information. You may see output such as this:

That doesn’t mean I have 8 rootkits; it means I need to check the log further to see what it’s calling a potential rootkit. In this case, the check that fired looks for processes holding unusually large shared memory segments, which some rootkits do. Well, my browser is taking up a bunch of RAM and that’s one of the things it is warning me about.

When I say it’s up to you, it’s really up to you. You have to read the report and the logs to understand what is going on. DO NOT PANIC! The warnings can look scary, but they’re often just things worth a second look. Read the logs thoroughly and understand what you’re reading before you do anything drastic!
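Here is an added example that strings the steps above together. It is my own script, not something from the article or the rkhunter project. It assumes a Debian-style host with rkhunter in your PATH and the default log location /var/log/rkhunter.log; the sample log it triages is constructed to match rkhunter’s log layout and is not a real capture. The ALLOWIPCPROC setting it mentions is, as I understand it, rkhunter.conf’s allowlist for the shared memory check.

```shell
#!/bin/sh
# Added example, not from the original article: run rkhunter unattended and
# triage the warnings it leaves in its log. Assumes a Debian-style host with
# rkhunter in PATH and the default log path /var/log/rkhunter.log.

# The interactive run the article describes, made non-interactive:
#   sudo apt install rkhunter          # Debian/Ubuntu
#   sudo rkhunter --propupd            # baseline file properties on a KNOWN-CLEAN host only
#   sudo rkhunter --check --sk --rwo   # --sk: skip keypress, --rwo: report warnings only
run_scan() {
    if ! command -v rkhunter >/dev/null 2>&1; then
        echo "rkhunter is not installed" >&2
        return 1
    fi
    sudo rkhunter --check --sk --rwo
}

# Pull only the "Warning:" lines out of an rkhunter log, dropping the
# "[HH:MM:SS]" timestamp prefix, so a long run boils down to a short list.
list_warnings() {
    grep 'Warning:' "$1" | sed 's/^\[[0-9:]*\] *//'
}

# Number of warning lines in a log; this is the figure to compare against
# the summary the scan prints. Prints 0 for a clean log.
count_warnings() {
    list_warnings "$1" | wc -l | tr -d ' '
}

# Shared memory warnings name the process; a browser in this list is the
# false positive the article hit. Print the flagged program paths so you can
# decide what to allowlist with ALLOWIPCPROC in rkhunter.conf, and only
# allowlist what you have verified is legitimate.
shm_processes() {
    list_warnings "$1" | grep 'shared memory' \
        | sed "s/.*Process '\([^']*\)'.*/\1/" | sort -u
}

# Constructed sample log in rkhunter's layout (not a real capture).
SAMPLE_LOG="${TMPDIR:-/tmp}/rkhunter-sample.$$"
trap 'rm -f "$SAMPLE_LOG"' EXIT
cat > "$SAMPLE_LOG" <<'EOF'
[10:01:02] Checking system commands...
[10:01:03]   /usr/bin/ls                                   [ OK ]
[10:01:03]   /usr/bin/ssh                                  [ Warning ]
[10:01:03] Warning: The file properties have changed: /usr/bin/ssh
[10:01:10] Checking for hidden files and directories       [ Warning ]
[10:01:10] Warning: Hidden directory found: /etc/.java
[10:01:20] Checking running processes for shared memory segments [ Warning ]
[10:01:20] Warning: Process '/usr/lib/firefox/firefox' (PID 4242) is using a suspicious shared memory segment: Segment size: 134217728
[10:01:20] Warning: Process '/usr/lib/firefox/firefox' (PID 4243) is using a suspicious shared memory segment: Segment size: 67108864
[10:01:30] System checks summary
EOF

echo "Warnings: $(count_warnings "$SAMPLE_LOG")"
list_warnings "$SAMPLE_LOG"
echo "Programs flagged for shared memory:"
shm_processes "$SAMPLE_LOG"
```

Run it with sh; it only triages the built-in sample, and run_scan is there to call on a host that actually has rkhunter installed. Resist the temptation to allowlist or re-baseline just to make a warning disappear: confirm that a flagged command really comes from its package (your package manager can verify installed files) before you trust it, because a baseline taken on a compromised host bakes the compromise into every future scan.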

Closure:

And there you have it! Another article in the books and this one about security. If you think you have a rootkit, feel free to leave a comment, but rkhunter tends to be a little trigger-happy with the warnings.

Thanks for reading! If you want to help, or if the site has helped you, you can donate, register to help, write an article, or buy inexpensive hosting to start your own site. If you scroll down, you can sign up for the newsletter, vote for the article, and comment.


Review: The SpaceFM File Manager For Linux

Let’s try something new! Let’s take a look at a different file manager for a change. Specifically, let’s look at SpaceFM, a multi-panel file manager for Linux. It’s worth looking at and has a ton of useful features.

I figured that it’d be fun to sometimes review stuff and added the category when I was building the site. I haven’t used it until now, mostly because I had more pressing things to write. Alas, I’ve committed to write articles every other day for a year (or as close to it as I can get), so I might as well try out this review thing.

On with the article!

Wikipedia has an article about file managers, because of course they do. Simply put, it’s an application that lets you more easily manage files and directories. It’s usually a graphical application these days, but that wasn’t always true. If you’re coming from a Windows background, the Windows Explorer application was a file manager.

File managers often add other features, as does SpaceFM. Not only does it have multi-panels, it also has tabs, and more! So, let’s see how this ‘review’ thing is actually going to work. It’ll probably be a little rough, as this is the first one I’ve written for the site.

Getting SpaceFM:

SpaceFM is actually the default file manager in a few (seven, it seems) distros. It’s also almost certainly in your default repositories: it’s packaged for pretty much everything. Check the project’s list of distributions and you’ll see that yours is probably supported and that it’s already available in your package management tools. Unless you’re using a pretty obscure distro, it’s readily available.

Given that it’s so readily available, I’m surprised that so few people use it. It’s so well documented that I really don’t need to tell you how to install it. On Ubuntu, for example, it’s a single apt install of the ‘spacefm’ package.

It’s as simple as that! Well, it should be. Just adjust that for your distro’s package management tools, be sure to use ‘spacefm’ as the package name, and it’ll likely install without a hitch. If it isn’t in your default repositories, you can use the project’s ‘net installer’ instead. It’s truly one of the most accessible programs I’ve ever seen.

One of the great things about installing SpaceFM is that you’ll also get a nice GUI SpaceFM File Search application. It’s pretty self-explanatory and it looks like this:

SpaceFM Find Files
See? You can find files with it, as well! Alas, it doesn’t search *in* files.

I use that with some regularity, as I have a whole lot of files and am not the greatest at organizing them. I find it processes the search pretty quickly, though I am not sure how well it will perform on older hardware.

Why SpaceFM:

I think a picture is worth 1000 words, or that it can be. So, let me just share a picture with you and we’ll see where we are after that.

SpaceFM in all its glory!
I realize that’s a pretty busy picture and that there’s much to digest.

As you can see, I have three different panels open. It’s possible to have up to four panels. In each of those panels, you can also have tabs. If you’re looking to manage your files in a complex fashion, this is definitely one of the best tools to do it.

Helpfully, SpaceFM describes itself as this:

SpaceFM is a multi-panel tabbed file and desktop manager for Linux with built-in VFS, udev- or HAL-based device manager, customisable menu system, and bash-GTK integration. SpaceFM aims to provide a stable, capable file manager with significant customisation capabilities.

The above reasons are all pretty good reasons to at least try SpaceFM, but there’s more! See, there are also a bunch of plugins for those people that want to extend SpaceFM even further. There are plugins for GPG, bulk-renaming, auto-mount, image tools, and more! Take a look, there are quite a few!

So, what you end up with is a complete package. I realize that many folks will prefer to keep some of those things separate (the ‘Unix philosophy’), but it really does make for a light, responsive, intuitive, and effective file management package. I’m really surprised that so few people take advantage of this.

Closure:

There’s not much more to say. It’s there. Give it a try. As this is a review, I’ll rate it a solid 9 out of 10, with one point being taken off for not having an easier way to install plugins. I’ve used it extensively and never had so much as a crash and the plugins have always worked as advertised.

As mentioned above, this is my first review for the site. I made the category at the start, without really putting any thought into what it’d look like when I wrote stuff to fit that category. I’m not terribly pleased with how this one came out, but I know that I’ll try a few more things in future reviews and they’ll improve over time.

I’ve said before that the goal is an article every other day for a year, which means I’ve got plenty of time to get better! Please leave any feedback below, as I’d like to make this a regular feature. It’d be great to expose people to some alternatives – and to learn of some alternatives along the way. There’s some great software out there that’s still relatively unknown.

As always, thanks for reading. If you want to help, you know how to do so! I’ve told you this before! You can donate, register, write an article, buy hosting, rate the article, share the article on social media, leave a comment, or sign up for the newsletter! Bandwidth is again creeping up, but it’s below my new level. Again, thanks!
