
Linux command

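rkhunter command

Security

This command requires elevated privileges or can significantly affect the system; verify the target before running it.

Common examples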

Check

sudo rkhunter --check

Check without keypress prompts

sudo rkhunter --check --sk

Update data files

sudo rkhunter --update

Update file properties database

sudo rkhunter --propupd

List

sudo rkhunter --list tests

Check for a newer version

sudo rkhunter --versioncheck

Cron run, warnings only

sudo rkhunter --cronjob --report-warnings-only

Description

rkhunter (Rootkit Hunter) scans Linux systems for rootkits, backdoors, and local exploits. It checks for hidden files, suspicious kernel modules, modified binaries, and other signs of compromise. The tool maintains a database of known malware signatures and file checksums, comparing current system state against known-good values.

Parameters

-c, --check
Perform system check for rootkits, backdoors, and exploits.
--update
Update data files and malware signatures.
--propupd
Update file properties database with current values (run after legitimate system changes).
--list _tests|rootkits|lang|perl|propfiles_
List supported capabilities.
--versioncheck
Check for a newer rkhunter version.
-C, --config-check
Validate configuration file(s).
--sk, --skip-keypress
Don't wait for a keypress between test groups.
--rwo, --report-warnings-only
Only display warnings.
--cronjob
Optimize output for cron execution (no colors, no keypress).
--configfile _file_
Use an alternate configuration file.
-l, --logfile _file_
Write log output to a specific file.
--appendlog
Append to an existing log file instead of overwriting.
--disable _tests_
Disable specific tests (comma-separated list).
--enable _tests_
Enable only the specified tests.
--pkgmgr _type_
Use package manager verification (RPM, DPKG, BSD, SOLARIS, NONE).
-q, --quiet
Suppress all output.
--nocolors
Disable colored output.
-V, --version
Display version information.
-h, --help
Display help information.
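
An unattended run built from the `--cronjob`, `--report-warnings-only` and `--logfile` options above, with a triage step that pulls the `Warning:` entries out of the log. This is an added example, not code from this page or from the rkhunter project; the function names, the default log path and the sample log lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: unattended rkhunter run plus log triage.
# Function names, the log path and SAMPLE_LOG are assumptions.

# Run the scan with the options documented on this page.
# Not called here; invoke it as root from cron on a host with rkhunter.
run_scan() {
    rkhunter --check --cronjob --report-warnings-only \
        --logfile "${1:-/var/log/rkhunter-nightly.log}"   # assumed path
}

# Print each "Warning:" entry from an rkhunter log read on stdin,
# with the leading [hh:mm:ss] timestamp removed. Per-file status lines
# that merely end in "[ Warning ]" are skipped.
extract_warnings() {
    sed -n 's/^\[[0-9:]*\] \(Warning: .*\)$/\1/p'
}

# Return 0 when the log holds no warnings; otherwise print them and
# return 1 so cron mails the output. Warnings are reviewed by a person:
# --propupd records the current file properties as the new baseline, so
# it is run only after the change is confirmed legitimate.
triage_log() {
    rkh_warnings="$(extract_warnings)"
    [ -z "$rkh_warnings" ] && return 0
    printf '%s\n' "$rkh_warnings"
    return 1
}

# Constructed sample log lines (not captured from a real system).
SAMPLE_LOG='[02:00:07]   /usr/bin/curl                          [ OK ]
[02:00:07]   /usr/bin/passwd                        [ Warning ]
[02:00:07] Warning: The file properties have changed:
[02:00:41] Warning: Hidden directory found: /dev/.example'

# Demo on the sample; on a real host use: run_scan; triage_log < logfile
printf '%s\n' "$SAMPLE_LOG" | triage_log ||
    echo "review required before any --propupd"
```
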

FAQ

What is the rkhunter command used for?

rkhunter (Rootkit Hunter) scans Linux systems for rootkits, backdoors, and local exploits. It checks for hidden files, suspicious kernel modules, modified binaries, and other signs of compromise. The tool maintains a database of known malware signatures and file checksums, comparing current system state against known-good values.

How do I run a basic rkhunter example?

Run `sudo rkhunter --check` in a terminal, then adjust the flags and file paths (such as the configuration or log file) for your system.

What does -c, --check do in rkhunter?

Perform system check for rootkits, backdoors, and exploits.