|   |     | 
| (34 dazwischenliegende Versionen desselben Benutzers werden nicht angezeigt) | 
| Zeile 1: | Zeile 1: | 
|  | {{DISPLAYTITLE:rkhunter}}
 |  | 
|  | '''rkhunter''' - RootKit Hunter |  | '''rkhunter''' - RootKit Hunter | 
|  | 
 |  | 
 | 
|  | == Beschreibung == |  | == Beschreibung == | 
|  | rkhunter is a shell script which carries out various checks on the local system to try and detect known rootkits and malware.  |  | [[rkhunter]] ist ein Shell-Skript, das Überprüfungen auf dem lokalen System durchführt | 
|  | * It also performs checks to see if commands have been modified,if the system startup files have been modified,and various checks on the network interfaces,including checks for listening applications. |  | * um bekannte Rootkits und Malware zu erkennen | 
|  |  | * Es überprüft auch, ob Befehle oder die Systemstartdateien verändert wurden, und führt verschiedene Überprüfungen der Netzwerkschnittstellen durch, einschließlich der Überprüfung auf lauschende Anwendungen | 
|  |  |   | 
|  |  | rkhunter wurde so generisch wie möglich geschrieben und sollte daher auf den meisten Linux- und UNIX-Systemen laufen | 
|  |  | * Es wird mit einigen Support-Skripten geliefert, falls bestimmte Befehle im System fehlen sollten, von denen einige Perl-Skripte sind | 
|  |  | * rkhunter benötigt bestimmte Befehle, um ausgeführt werden zu können | 
|  |  | * Darüber hinaus erfordern einige Tests bestimmte Befehle, aber wenn diese nicht vorhanden sind, wird der Test übersprungen | 
|  | 
 |  | 
 | 
|  | rkhunter has been written to be as generic as possible, and so should run on most Linux and UNIX systems. 
 |  | * rkhunter muss unter einer Bourne-artigen Shell ausgeführt werden, in der Regel bash oder ksh | 
|  | * It is provided with some support scripts should certain commands be missing from the system, and some of these are perl scripts. 
 |  | * rkhunter kann als Cron-Job oder über die Befehlszeile ausgeführt werden | 
|  | * rkhunter does require certain commands to be present for it to be able to execute. 
 |  | 
|  | * Additionally, some tests require specific commands, but if these are not present then the test will be skipped. 
 |  | 
|  | * rkhunter needs to be run under a Bourne-type shell,typically bashor ksh.  |  | 
|  | * rkhunter can be run as a cron job or from the command-line. |  | 
|  | 
 |  | 
 | 
|  | ; LICENSING |  | ; LIZENZ | 
|  | RootKit Hunter is licensed under the GPL, copyright Michael Boelen. See the LICENSEfile for details of GPL licensing. |  | RootKit Hunter ist unter der [[GPL]] lizenziert | 
|  |  | * Copyright Michael Boelen | 
|  |  | * Einzelheiten zur GPL-Lizenzierung finden Sie in der Datei LICENSE | 
|  | 
 |  | 
 | 
|  | == Installation == |  | == Installation == | 
|  | == Aufruf == |  | <syntaxhighlight lang="bash" highlight="1" line copy> | 
|  |  rkhunter{--check | --unlock | --update | --versioncheck | --propupd [{filename | directory | package name},...] | --list [tests | {lang | languages} | rootkits | perl | propfiles] | --config-check | --version | --help} [options]
 |  | sudo apt install rkhunter | 
|  |   |  | </syntaxhighlight> | 
|  | === Optionen ===
 |  | 
|  | === Argumente ===
 |  | 
|  | === Umgebung ===
 |  | 
|  | === Rückgabewert ===
 |  | 
|  | 
 |  | 
 | 
|  | == Anwendung == |  | == Anwendung == | 
|  | === Problembehebung === |  | <syntaxhighlight lang="bash" highlight="1" line copy> | 
|  | == Konfiguration ==
 |  | </syntaxhighlight> | 
|  | === Dateien ===
 |  | 
|  | For a default installation
 |  | 
|  |  /etc/rkhunter.conf
 |  | 
|  |  /var/log/rkhunter.log
 |  | 
|  | 
 |  | 
 | 
|  | == Anhang ==
 |  | 
|  | === Siehe auch ===
 |  | 
|  | See the CHANGELOG file for recent changes.
 |  | 
|  | The README file has information about installing rkhunter, as well as specific sections on test names and using package managers.
 |  | 
|  | The FAQ file should also answer some questions.
 |  | 
|  | 
 |  | 
 | 
|  | == |  | == Aufruf == | 
|  | {{Special:PrefixIndex/Rkhunter}}
 |  | <syntaxhighlight lang="bash" highlight="1"> | 
|  |  |  rkhunter [options] | 
|  |  | </syntaxhighlight> | 
|  | 
 |  | 
 | 
|  | ==== Sicherheit ==== |  | === Optionen === | 
|  | === Dokumentation ===
 |  | {| class="wikitable sortable options gnu big" | 
|  | ===== RFC =====
 |  | |- | 
|  | ; Man-Page
 |  | ! Unix !! GNU !! Parameter !! Beschreibung | 
|  | # rkhunter(8)
 |  | |- | 
|  |  | | || || || | 
|  |  | |- | 
|  |  | |} | 
|  | 
 |  | 
 | 
|  | ;Info-Page
 |  | === Befehlsoptionen === | 
|  | === Links === |  | Wenn keine Befehlsoption angegeben wird, wird --help angenommen | 
|  |  | * rkhunter gibt einen Exit-Code ungleich Null zurück, wenn ein Fehler oder eine Warnung auftritt | 
|  | 
 |  | 
 | 
|  | ===== Einzelnachweise ===== |  | {| class="wikitable sortable options big gnu" | 
|  | <references /> |  | |- | 
|  |  | ! Unix !! GNU !! Parameter !! Beschreibung | 
|  |  | |- | 
|  |  | | -c || --check || || Diese Befehlsoption weist rkhunter an, verschiedene Überprüfungen auf dem lokalen System durchzuführen | 
|  |  | * Das Ergebnis jedes Tests wird auf stdout angezeigt | 
|  |  | * Wenn etwas Verdächtiges gefunden wird, wird eine Warnung angezeigt | 
|  |  | * Eine Protokolldatei der Tests und der Ergebnisse wird automatisch erstellt | 
|  |  | * Es wird empfohlen, diese Befehlsoption regelmäßig auszuführen, um sicherzustellen, dass das System nicht kompromittiert wurde | 
|  |  | |- | 
|  |  | | || --unlock || || Diese Befehlsoption entsperrt (entfernt) einfach die Sperrdatei | 
|  |  | * Wenn diese Option allein verwendet wird, wird keine Protokolldatei erstellt | 
|  |  | |- | 
|  |  | | || --update || || Diese Befehlsoption veranlasst rkhunter zu überprüfen, ob es eine neuere Version einer seiner Textdatendateien gibt | 
|  |  | * Ein Befehlszeilen-Webbrowser, zum Beispiel wget oder linux, muss auf dem System vorhanden sein, wenn diese Option verwendet wird | 
|  |  | * Es wird empfohlen, diese Befehlsoption regelmäßig auszuführen, um sicherzustellen, dass die Datendateien auf dem neuesten Stand sind | 
|  |  | * Wenn diese Option über cron verwendet wird, wird empfohlen, auch die Option --nocolors zu verwenden | 
|  |  | * Ein Exit-Code von Null für diese Befehlsoption bedeutet, dass keine Updates verfügbar waren | 
|  |  | * Ein Exit-Code von eins bedeutet, dass ein Download-Fehler aufgetreten ist, und ein Code von zwei bedeutet, dass kein Fehler aufgetreten ist, aber Updates verfügbar waren und installiert wurden | 
|  |  | |- | 
|  |  | | || --propupd [<nowiki>filename | directory | package name},...</nowiki>] || || Eine der Überprüfungen, die rkhunter durchführt, ist der Vergleich verschiedener aktueller Dateieigenschaften verschiedener Befehle mit denen, die zuvor gespeichert wurden | 
|  |  | * Diese Befehlsoption bewirkt, dass rkhunter seine Datendatei mit gespeicherten Werten mit den aktuellen Werten aktualisiert | 
|  |  | * Wenn die Option „filename“ verwendet wird, muss es sich entweder um einen vollständigen Pfadnamen oder um einen einfachen Dateinamen (z. *B. [[awk]]) handeln | 
|  |  | * Bei Verwendung wird nur der Eintrag in der Dateieigenschaftsdatenbank für diese Datei aktualisiert | 
|  |  | * Wenn die Option directory verwendet wird, werden nur die in der Datenbank aufgeführten Dateien aktualisiert, die sich in dem angegebenen Verzeichnis befinden | 
|  |  | * Wenn die Option package name verwendet wird, werden ebenfalls nur die Dateien in der | 
|  |  | Datenbank aktualisiert, die Teil des angegebenen Pakets sind | 
|  |  | * Der Paketname muss der Basisteil des Namens sein, Versionsnummern sollten nicht enthalten sein – zum Beispiel „coreutils” | 
|  |  | * Paketnamen werden natürlich nur dann in der Dateieigenschaftsdatenbank gespeichert, wenn ein Paketmanager | 
|  |  | verwendet wird | 
|  |  | * Wenn ein Paketname mit einem Dateinamen übereinstimmt – beispielsweise könnte „file” sich auf den Befehl „file” oder auf das RPM | 
|  |  | -Paket „file” (das den Befehl „file” enthält) beziehen –, wird der Paketname verwendet | 
|  |  | * Wenn keine bestimmte Option angegeben wird, wird die gesamte Datenbank aktualisiert | 
|  | 
 |  | 
 | 
|  | ==== Projekt ====
 |  | WARNUNG: Es liegt in der Verantwortung des Benutzers, sicherzustellen, dass die Dateien auf dem System echt sind und aus einer zuverlässigen Quelle stammen | 
|  | This software was developed by the RootKit Hunter project team. To report bugs,patches,comments and questions,please go to:
 |  | * rkhunter kann nur melden, ob sich eine Datei geändert hat, aber nicht, was die Änderung verursacht hat | 
|  | https://rkhunter.sourceforge.net/
 |  | * Wenn sich also eine Datei geändert hat und die Befehlsoption --propupd verwendet wird, geht rkhunter davon aus, dass die Datei echt ist | 
|  |   |  | 
|  | ==== Weblinks ====
 |  | 
|  | <noinclude>
 |  | 
|  |   |  | 
|  | = TMP =
 |  | 
|  | == COMMAND OPTIONS ==
 |  | 
|  | If no command option is given, then --help is assumed. rkhunterwill return a non-zero exit code if any error or warning occurs.
 |  | 
|  |   |  | 
|  | {| class="wikitable sortable options big"
 |  | 
|  | |- |  | |- | 
|  | ! Option!! Beschreibung
 |  | | || --versioncheck || || Diese Befehlsoption veranlasst rkhunter zu überprüfen, ob eine neuere Version des Programms verfügbar ist | 
|  |  | * Bei Verwendung dieser Option muss ein Befehlszeilen-Webbrowser auf dem System vorhanden sein | 
|  |  | * Wenn diese Option über cron verwendet wird, wird empfohlen, auch die Option --nocolors zu verwenden | 
|  |  | * Ein Exit-Code von Null für diese Befehlsoption bedeutet, dass keine neue Version verfügbar war | 
|  |  | * Ein Exit-Code von eins bedeutet, dass beim Herunterladen der neuesten Versionsnummer ein Fehler aufgetreten ist , und ein Code von zwei bedeutet, dass kein Fehler aufgetreten ist, aber eine neue Version verfügbar ist | 
|  | |- |  | |- | 
|  | | -c, --check ||This command option tells rkhunterto perform various checks on the local system. The result of each test will be displayed on stdout. If |  | | || -list <nowiki>[tests | {lang | languages} | rootkits | perl | propfiles]</nowiki> || || Diese Befehlsoption listet einige der unterstützten Funktionen des Programms auf und beendet dann die Ausführung | 
|  | anything suspicious is found,then a warning will be displayed. A log file of the tests and the results will be automatically produced.
 |  | * Die Option tests listet die derzeit verfügbaren Testnamen auf (weitere Informationen zu den Testnamen finden Sie in der README-Datei) | 
|  |   |  | * Die Option languages listet die derzeit verfügbaren Sprachen auf, und die Option rootkits listet die Rootkits auf, nach denen rkhunter sucht | 
|  | It is suggested that this command option is run regularly in order to ensure that the system has not been compromised.
 |  | * Die Option perl listet den Installationsstatus des Befehls perl und der Perl-Module auf, die von einigen der Tests verwendet werden können | 
|  |  | * Beachten Sie, dass die Installation dieser Module nicht erforderlich ist | 
|  |  | * Wenn rkhunter jedoch gezwungen ist, Perl zur Ausführung eines Tests zu verwenden, muss das Modul vorhanden sein | 
|  |  | * Die Option propfiles listet die Dateinamen auf, die zur Erstellung der Dateieigenschaftsdatenbank verwendet werden | 
|  |  | * Wenn keine bestimmte Option angegeben wird, werden alle Listen mit Ausnahme der Dateieigenschaftsdatenbank angezeigt | 
|  | |- |  | |- | 
|  | | --unlock ||This command option simply unlocks (removes)the lock file. If this option is used on its own,then no log file is created. |  | | -C || --config-check || || Diese Befehlsoption bewirkt, dass rkhunter seine Konfigurationsdatei(en) überprüft und dann beendet wird | 
|  |  | * Das Programm führt seine normalen Konfigurationsprüfungen durch, wie sie durch die Optionen enable und disable in der Befehlszeile und in den Konfigurationsdateien festgelegt sind | 
|  |  | * Das heißt, es werden nur die Konfigurationsoptionen für Tests überprüft, die normalerweise ausgeführt würden | 
|  |  | * Um alle konfigurierten Optionen zu überprüfen, verwenden Sie die Optionen --enable all --disable none in der Befehlszeile | 
|  |  | * Zusätzlich überprüft das Programm, ob es nicht erkannte Konfigurationsoptionen gibt | 
|  |  | * Wenn Konfigurationsprobleme gefunden werden, werden diese angezeigt und der Rückgabecode wird auf 1 gesetzt | 
|  |  | * Es wird empfohlen, diese Option immer dann zu verwenden, wenn die Konfigurationsdatei(en) geändert wurden | 
|  | |- |  | |- | 
|  | | --update ||This command option causes rkhunter to check if there is a later version of any of its text data files. A command-line web browser, for |  | | -V || --version || || Diese Befehlsoption bewirkt, dass rkhunter seine Versionsnummer anzeigt und dann beendet wird | 
|  | example wget or linux, must be present on the system when using this option.
 |  | 
|  |   |  | 
|  | It is suggested that this command option is run regularly in order to ensure that the data files are kept up to date.
 |  | 
|  |   |  | 
|  | If this option is used via cron, then it is recommended that the --nocolors option is also used.
 |  | 
|  |   |  | 
|  | An exit code of zero for this command option means that no updates were available. An exit code of one means that a download error occurred,
 |  | 
|  | and a code of two means that no error occurred but updates were available and have been installed.
 |  | 
|  | |- |  | |- | 
|  | | --propupd [{filename |directory |package name},...] ||One of the checks rkhunter performs is to compare various current file properties of various commands, against those it has previously |  | | -h || --help || || Diese Befehlsoption zeigt das Hilfemenü an und beendet dann das Programm | 
|  | stored. This command option causes rkhunter to update its data file of stored values with the current values.
 |  | |} | 
|  |   |  | 
|  | If the filename option is used, then it must either be a full pathname, or a plain file name (for example, 'awk'). When used, then only the
 |  | 
|  | entry in the file properties database for that file will be updated. If the directory option is used, then only those files listed in the
 |  | 
|  | database that are in the given directory will be updated. Similarly, if the package name option is used, then only those files in the
 |  | 
|  | database which are part of the specified package will be updated. The package name must be the base part of the name, no version numbers
 |  | 
|  | should be included - for example, 'coreutils'. Package names will, of course, only be stored in the file properties database if a package
 |  | 
|  | manager is being used. If a package name is the same as a file name - for example, 'file' could refer to the 'file' command or to the RPM
 |  | 
|  | 'file' package (which contains the 'file' command) - the package name will be used. If no specific option is given, then the entire database
 |  | 
|  | is updated.
 |  | 
|  | 
 |  | 
 | 
|  | WARNING: It is the users responsibility to ensure that the files on the system are genuine and from a reliable source. rkhunter can only
 |  | === Parameter === | 
|  | report if a file has changed, but not on what has caused the change. Hence, if a file has changed, and the --propupd command option is used,
 |  | === Umgebungsvariablen === | 
|  | then rkhunter will assume that the file is genuine.
 |  | === Exit-Status === | 
|  |  | {| class="wikitable options col1center big" | 
|  | |- |  | |- | 
|  | | --versioncheck || This command option causes rkhunter to check if there is a later version of the program. A command-line web browser must be present on the
 |  | ! Wert !! Beschreibung | 
|  | system when using this option.
 |  | 
|  |   |  | 
|  | If this option is used via cron, then it is recommended that the --nocolors option is also used.
 |  | 
|  |   |  | 
|  | An exit code of zero for this command option means that no new version was available. An exit code of one means that an error occurred
 |  | 
|  | downloading the latest version number, and a code of two means that no error occurred but a new version is available.
 |  | 
|  | |- |  | |- | 
|  | | --list [tests |{lang |languages} | rootkits | perl | propfiles] || This command option will list some of the supported capabilities of the program, and then exit. The tests option lists the currently |  | | 0 || Erfolg | 
|  | available test names (see the README file for more details about test names). The languages option lists the currently available languages,
 |  | 
|  | and the rootkits option lists the rootkits that are searched for by rkhunter. The perl option lists the installation status of the perl
 |  | 
|  | command and perl modules that may be used by some of the tests. Note that it is not required to install these modules. However, if rkhunter
 |  | 
|  | is forced to use perl to execute a test then the module must be present. The propfiles option will list the file names that are used to
 |  | 
|  | generate the file properties database. If no specific option is given, then all the lists, except for the file properties database, are
 |  | 
|  | displayed.
 |  | 
|  | |- |  | |- | 
|  | | -C, --config-check ||This command option causes rkhunter to check its configuration file(s), and then exit. The program will run through its normal configuration |  | | >0 || Fehler | 
|  | checks as specified by the enable and disable options on the command-line and in the configuration files. That is, only the configuration
 |  | |} | 
|  | options for tests which would normally run are checked. In order to check all the configured options, then use the --enable all --disable
 |  | 
|  | none options on the command line. Additionally, the program will check to see if there are any unrecognised configuration options. If any
 |  | 
|  | configuration problems are found, then they will be displayed and the return code will be set to 1.
 |  | 
|  | 
 |  | 
 | 
|  | It is suggested that this option is used whenever the configuration file(s) have been changed.
 |  | == Konfiguration == | 
|  |  | === Dateien === | 
|  |  | {| class="wikitable options big" | 
|  |  | |- | 
|  |  | ! Datei !! Beschreibung | 
|  | |- |  | |- | 
|  | | -V, --version ||This command option causes rkhunter to display its version number, and then exit. |  | | /etc/rkhunter.conf || | 
|  | |- |  | |- | 
|  | | -h, --help ||This command option displays the help screen menu, and then exits. |  | | /var/log/rkhunter.log || | 
|  | |} |  | |} | 
|  | 
 |  | 
 | 
|  | == OPTIONS ==
 |  | <noinclude> | 
|  | rkhunter uses a configuration file, named rkhunter.conf, for many of its configuration options. It can also use a local configuration file, named
 |  | 
|  | rkhunter.conf.local, and a directory named rkhunter.d if it is present. Both the local configuration file, and the local directory, must be in the
 |  | 
|  | same directory as the main configuration file. The installer does not create the local file or directory, but one, or both, can be created by the
 |  | 
|  | user if required. If a directory is used, then within the directory any file ending in .conf will be treated as a local configuration file.
 |  | 
|  | 
 |  | 
 | 
|  | Some options can also be specified on thecommand-line, and these will override the equivalent configuration fileoptions. Theconfiguration file
 |  | == Anhang == | 
|  | options are well documented within the main configuration file itself. The following are the command-line options. Thedefaults mentioned here are
 |  | === Siehe auch === | 
|  | the program defaults, unless explicitly stated as the configuration filedefault.
 |  | * See the CHANGELOG file for recent changes | 
|  |  | * The README file has information about installing rkhunter, as well as specific sections on test names and using package managers | 
|  |  | * The FAQ file should also answer some questions | 
|  | 
 |  | 
 | 
|  | --appendlog |  | <div style="column-count:2"> | 
|  | By default a new log file will be created when rkhunter runs, and the previous log file will be renamed by having .old appended to its name.
 |  | <categorytree hideroot=on mode="pages">{{BASEPAGENAME}}</categorytree> | 
|  | This option tells rkhunter to append to the existing log file. If the log file does not exist, then it will be created.
 |  | </div> | 
|  |  | ---- | 
|  |  | {{Special:PrefixIndex/{{BASEPAGENAME}}/}} | 
|  |  | ---- | 
|  | 
 |  | 
 | 
|  | --bindir <directory>... |  | === Dokumentation === | 
|  | This option modifies which directories rkhunterlooks in to find the various commands it requires (that is, its PATH). The default is the
 |  | ; Man-Page | 
|  | root PATH, and an internal list of some common command directories. By default a specified directory will be appended to the default list.
 |  | # [https://manpages.debian.org/stable/rkhunter/rkhunter.8.en.html rkhunter(8)] | 
|  | However, if the directory name begins with the '+' character, then it will be prepended to the list (that is, it will be put at the start of
 |  | <!-- | 
|  | the list).
 |  | ; Info-Pages | 
|  |  | --> | 
|  | 
 |  | 
 | 
|  | --cs2, --color-set2
 |  | === Links === | 
|  | By default rkhunterwill display its test results in color.The colors used are green for successful tests, red for failed tests (warnings),
 |  | ==== Projekt ==== | 
|  | and yellow for skipped tests.These colors are visible when a black background is used, but are difficult to see on a white background. This
 |  | # https://rkhunter.sourceforge.net | 
|  | option tells rkhunter to use a different color set which is more suited to a white background.
 |  | ==== Weblinks ==== | 
|  | 
 |  | 
 | 
|  | --configfile <file>
 |  | {{DISPLAYTITLE:rkhunter}} | 
|  | The installation process will automatically tell rkhunterwhere its configuration file is located. However, if necessary, this option can be
 |  | {{DEFAULTSORT:rkhunter}} | 
|  | used to specify a different pathname.
 |  | 
|  |   |  | 
|  | If a local configuration file, or directory, is to be used, then it must reside in the same directory as the configuration file specified by
 |  | 
|  | this option.
 |  | 
|  |   |  | 
|  | --cronjob
 |  | 
|  | This is similar to the --check command option, but it disables several of the interactive options. When this option is used --check,
 |  | 
|  | --nocolors and --skip-keypress are assumed. By default no output is sent to stdout, so the --report-warnings-only option may be useful with
 |  | 
|  | this option.
 |  | 
|  |   |  | 
|  | --dbdir <directory>
 |  | 
|  | The installation process will automatically configure where the data files are stored for rkhunter. However, if necessary, this option can be
 |  | 
|  | used to specify a different directory. The directory can be read-only, after installation, provided that neither of the --update or --propupd
 |  | 
|  | options are specified, and that the --versioncheck option is not specified if ROTATE_MIRRORS is set to 1 in the configuration file.
 |  | 
|  |   |  | 
|  | --debug
 |  | 
|  | This is a special option mainly for the developers. It produces no output on stdout. Regular logging will continue as per default or as
 |  | 
|  | specified by the --logfile option, and the debug output will be in a randomly generated filename which starts with /tmp/rkhunter-debug.
 |  | 
|  |   |  | 
|  | --disable <test>[,<test>...]
 |  | 
|  | This option tells rkhunter not to run the specified tests. Read the README file for more information about test names. By default no tests
 |  | 
|  | are disabled.
 |  | 
|  |   |  | 
|  | --display-logfile
 |  | 
|  | This option will cause the logfile to be displayed on the screen once rkhunter has finished.
 |  | 
|  |   |  | 
|  | --enable <test>[,<test>...]
 |  | 
|  | This option tells rkhunter to only run the specified tests. If only one test name, other than all, is given, then the --skip-keypress option
 |  | 
|  | is assumed. Read the README file for more information about test names. By default all tests are enabled. All the test names are listed below
 |  | 
|  | under TESTS.
 |  | 
|  |   |  | 
|  | --hash {MD5 | SHA1 | SHA224 | SHA256 | SHA384 | SHA512 |
 |  | 
|  | NONE | <command>}
 |  | 
|  | Both the file properties check and the --propupd command option will use a hash function to determine a files current hash value. This option
 |  | 
|  | tells rkhunter which hash function to use. The MD5 and SHA options will look for the relevant command, and, if not found, a perl support
 |  | 
|  | script will then be used to see if a perl module supporting the function has been installed. Alternatively, a specific command may be
 |  | 
|  | specified. A value of NONE can be used to indicate that the hash values should not be obtained or used as part of the file properties check.
 |  | 
|  | The default is SHA256.
 |  | 
|  |   |  | 
|  | Systems using prelinking must use either MD5, SHA1 or NONE.
 |  | 
|  |   |  | 
|  | --lang, --language <language>
 |  | 
|  | This option specifies which language to use for the displayed tests and results. The currently supported languages can be seen by the --list
 |  | 
|  | command option. The default is en (English). If a message to be displayed cannot be found in the language file, then the English version will
 |  | 
|  | be used. As such, the English language file must always be present. The --update command option will update the language files when new
 |  | 
|  | versions are available.
 |  | 
|  |   |  | 
|  | -l, --logfile [file]
 |  | 
|  | By default rkhunter will write out a log file. The default location of the file is /var/log/rkhunter.log. However, this location can be
 |  | 
|  | changed by using this option. If /dev/null is specified as the log file, then no log file will be written. If no specific file is given, then
 |  | 
|  | the default will be used. By default rkhunter will create a new log file each time it is run. Any previously existing logfile is moved out of
 |  | 
|  | the way, and has .old appended to it.
 |  | 
|  |   |  | 
|  | --noappend-log
 |  | 
|  | This option reverts rkhunter to its default behaviour of creating a new log file rather than appending to it.
 |  | 
|  |   |  | 
|  | --nocf
 |  | 
|  | This option is only valid when the command-line --disable option is used. When the --disable option is used, by default, the configuration
 |  | 
|  | file option to disable tests is also used to determine which tests to run. If only the --disable option is to be used to determine which
 |  | 
|  | tests to run, then --nocf must be given.
 |  | 
|  |   |  | 
|  | --nocolors
 |  | 
|  | This option causes the result of each test to not be displayed in a specific color. The default color, usually the reverse of the background
 |  | 
|  | color, will be used (typically this is just black and white).
 |  | 
|  |   |  | 
|  | --nolog
 |  | 
|  | This option tells rkhunter not to write anything to a log file.
 |  | 
|  |   |  | 
|  | --nomow, --no-mail-on-warning
 |  | 
|  | The configuration file has an option which will cause a simple email message to be sent to a user should rkhunter detect any warnings during
 |  | 
|  | system checks. This command-line option overrides the configuration file option, and prevents an email message from being sent. The
 |  | 
|  | configuration file default is not to email a message.
 |  | 
|  |   |  | 
|  | --ns, --nosummary
 |  | 
|  | When the --check command option is used, by default a short summary of results is displayed at the end. This option prevents the summary from
 |  | 
|  | being displayed.
 |  | 
|  |   |  | 
|  | --novl, --no-verbose-logging
 |  | 
|  | During some tests rkhunter will log a lot of information. Use of this option reduces the amount of logging, and so can improve the
 |  | 
|  | performance of rkhunter. However, the log file will contain less information should any warnings occur. By default verbose logging is
 |  | 
|  | enabled.
 |  | 
|  |   |  | 
|  | --pkgmgr {RPM | DPKG | BSD | BSDng | SOLARIS | NONE}
 |  | 
|  | This option is used during the file properties check or when the --propupd command option is given. It tells rkhunter that the current file
 |  | 
|  | property values should be obtained from the relevant package manager. See the README file for more details of this option. The default is
 |  | 
|  | NONE, which means not to use a package manager.
 |  | 
|  |   |  | 
|  | -q, --quiet
 |  | 
|  | This option tells rkhunter not to display any output. It can be useful when only the exit code is going to be checked. Other options may be
 |  | 
|  | used with this one, to force only specific items to be displayed.
 |  | 
|  |   |  | 
|  | --rwo, --report-warnings-only
 |  | 
|  | This option causes only warning messages to be displayed. This can be useful when rkhunter is run via cron. Other options may be used to
 |  | 
|  | force other items of information to be displayed.
 |  | 
|  |   |  | 
|  | --sk, --skip-keypress
 |  | 
|  | When the --check command option is used, after certain sections of tests, the user will be prompted to press the return key in order to
 |  | 
|  | continue. This option disables that feature, and rkhunter will run until all the tests have completed.
 |  | 
|  |   |  | 
|  | If this option has not been given, and the user is prompted to press the return key, a single 's' character, in upper- or lowercase, may be
 |  | 
|  | given followed by the return key. rkhunter will then continue the tests without prompting the user again (as if this option had been given).
 |  | 
|  |   |  | 
|  | --summary
 |  | 
|  | This option will cause the summary of test results to be displayed. This is the default.
 |  | 
|  |   |  | 
|  | --syslog [facility.priority]
 |  | 
|  | When the --check command option is used, this option will cause the start and finish times to be logged to syslog. The default is not to log
 |  | 
|  | anything to syslog, but if the option is used, then the default level is authpriv.notice.
 |  | 
|  |   |  | 
|  | --tmpdir <directory>
 |  | 
|  | The installation process will automatically configure where temporary files are to be created. However, if necessary, this option can be used
 |  | 
|  | to specify a different directory. The directory must not be a symbolic link, and must be secure (root access only).
 |  | 
|  |   |  | 
|  | --vl, --verbose-logging
 |  | 
|  | This option tells rkhunter that when it runs some tests, it should log as much information as possible. This can be useful when trying to
 |  | 
|  | diagnose why a warning has occurred, but it obviously also takes more time. The default is to use verbose logging.
 |  | 
|  |   |  | 
|  | -x, --autox
 |  | 
|  | When this option is used, rkhunter will try and detect if the X Window system is in use. If it is in use, then the second color set will
 |  | 
|  | automatically be used (see the --color-set2 option). This allows rkhunter to be run on, for example, a server console (where X is not
 |  | 
|  | present, so the default color set should be used), and on a users terminal (where X is in use, so the second color set should be used). In
 |  | 
|  | both cases rkhunter will use the correct color set. The configuration file default is to try and detect X.
 |  | 
|  |   |  | 
|  | -X, --no-autox
 |  | 
|  | This option prevents rkhunter from automatically detecting if the X Window system is being used. See the --autox option.
 |  | 
|  |   |  | 
|  | == TESTS ==
 |  | 
|  | [This section to be written]
 |  | 
|  |   |  | 
|  | additional_rkts
 |  | 
|  | This test is for SHORT_EXPLANATION. It works as part of GROUP. Corresponding configuration file entries: ONE=one, TWO=two and for white-
 |  | 
|  | listing THREE=three,three. Simple globbing (/dev/shm/file-*) works.
 |  | 
|  |   |  | 
|  | all
 |  | 
|  |   |  | 
|  | apps
 |  | 
|  |   |  | 
|  | attributes
 |  | 
|  |   |  | 
|  | avail_modules
 |  | 
|  |   |  | 
|  | deleted_files
 |  | 
|  |   |  | 
|  | filesystem
 |  | 
|  |   |  | 
|  | group_accounts
 |  | 
|  |   |  | 
|  | group_changes
 |  | 
|  |   |  | 
|  | hashes
 |  | 
|  |   |  | 
|  | hidden_ports
 |  | 
|  |   |  | 
|  | hidden_procs
 |  | 
|  |   |  | 
|  | immutable
 |  | 
|  |   |  | 
|  | known_rkts
 |  | 
|  |   |  | 
|  | loaded_modules
 |  | 
|  |   |  | 
|  | local_host
 |  | 
|  |   |  | 
|  | malware
 |  | 
|  |   |  | 
|  | network
 |  | 
|  |   |  | 
|  | none
 |  | 
|  |   |  | 
|  | os_specific
 |  | 
|  |   |  | 
|  | other_malware
 |  | 
|  |   |  | 
|  | packet_cap_apps
 |  | 
|  |   |  | 
|  | passwd_changes
 |  | 
|  |   |  | 
|  | ports
 |  | 
|  |   |  | 
|  | possible_rkt_files
 |  | 
|  |   |  | 
|  | possible_rkt_strings
 |  | 
|  |   |  | 
|  | promisc
 |  | 
|  |   |  | 
|  | properties
 |  | 
|  |   |  | 
|  | rootkits
 |  | 
|  |   |  | 
|  | running_procs
 |  | 
|  |   |  | 
|  | scripts
 |  | 
|  |   |  | 
|  | shared_libs
 |  | 
|  |   |  | 
|  | shared_libs_path
 |  | 
|  |   |  | 
|  | startup_files
 |  | 
|  |   |  | 
|  | startup_malware
 |  | 
|  |   |  | 
|  | strings
 |  | 
|  |   |  | 
|  | suspscan
 |  | 
|  |   |  | 
|  | system_commands
 |  | 
|  |   |  | 
|  | system_configs
 |  | 
|  |   |  | 
|  | trojans
 |  | 
|  | 
 |  | 
 | 
|  | [[Kategorie:Linux/Befehl]] |  | [[Kategorie:Linux/Befehl]] | 
|  | [[Kategorie:IT-Sicherheit/Assessment/Tools]] |  | [[Kategorie:IT-Sicherheit/Assessment/Tools]] | 
|  | 
 |  | 
 | 
|  | {{DEFAULTSORT:rkhunter}}
 |  | 
|  | </noinclude> |  | </noinclude> | 
|  |  | [[Kategorie:Linux/Sicherheit]] |