rkhunter and chkrootkit

    I have installed rkhunter and chkrootkit.

    I can't see these programmes in my dropdown menus. Are they to be used only with the command line?

    Thanks
    kubuntu version: 16.04.5 LTS

    Laptop: Toshiba-Satellite-L350

    #2
    Yes, both are meant to be used from the command line.
    Mark Your Solved Issues [SOLVED]
    (top of thread: thread tools)


      #3
      Originally posted by sithlord48:
      Yes, both are meant to be used from the command line.
      Thank you

      I am trying to discover how these programmes are used.

      I tried help and manual, and found that typing rkhunter starts the programme and gives the options, so that is fine.

      Using the same procedure for chkrootkit, I see a message asking for root privilege. I believe that this means I should type sudo chkrootkit. I then hope to see guidance regarding the use of the programme. Am I correct?

      When I use these programmes should they both be run using sudo? rkhunter looks like it will run without root privilege.

      Let me know what you think.

      Best wishes for the New Year


        #4
        Both have manpages.

        rkhunter: http://manpages.ubuntu.com/manpages/...khunter.8.html
        chkrootkit: http://manpages.ubuntu.com/manpages/...rootkit.1.html
        Windows no longer obstructs my view.
        Using Kubuntu Linux since March 23, 2007.
        "It is a capital mistake to theorize before one has data." - Sherlock Holmes


          #5
          Thank you for responding.

          I note that rkhunter requires a command line browser for updates. I use Firefox. Will Terminal suffice?


            #6
            I run rkhunter --update from the command line just fine; just did in fact. One of the data files was 'updated'. Just ensure that you have the program wget installed.


              #7
              I have now updated the files. I needed to run rkhunter as root, i.e., using sudo.

              I have wget on my machine. I was a little surprised that the programme is necessary because Firefox supports HTTPS and FTP so there are programmes on my machine that retrieve files from the internet.

              Best wishes for the New Year


                #8
                Originally posted by anonprivate:
                I have installed rkhunter and chkrootkit.

                I can't see these programmes in my dropdown menus. Are they to be used only with the command line?

                Thanks
                If you want to launch them from the application menu, right click the launcher button and click "edit applications". Select the menu you want to put the application in ("Utilities" is as good as any) and press the "New Item" Button at the top.

                For rkhunter, fill the fields in like so:

                [Image: add application.png]

                To explain the command section: "konsole" tells it to open the Konsole program. "--noclose" tells the program not to close when it has finished running the script (so you can read the results). "--e" tells konsole to execute the following command. "sudo rkhunter" is the command to open the program with root privileges. "-c" is the command to run the check, and "--sk" stops the enter prompt after every test and just runs it in full to the end. The last bit (--sk) is personal preference; delete it if you like it the other way. There is a list of the options you can use in the man pages listed above, but usually typing -h after any program name also lists them, e.g. sudo rkhunter -h

                When you're done, click save and it should be in the application menu. When you click it, a Konsole will open, ask for your password and then run the program.

                For chkrootkit, the procedure is the same except in the "command" field, you would put

                Code:
                konsole --noclose -e sudo chkrootkit
                and name it differently.


                  #9
                  Bings.

                  These are very clear and accurate instructions.

                  Just a couple of points. Rootkit hunter is given conditions, but is not told what to scan.
                  Checkroot is just told to run, but there are no conditions or specified folders.

                  I get the impression that under these conditions the programmes will scan the whole disk. Is that the best route for these programmes?

                  Best wishes


                    #11
                    Thank you for the information.

                    Regarding the command lines that you gave, I note that I do not get a command prompt back at the end. Is there a modification to the command line that will return the command prompt?


                      #12
                      On running rkhunter I see three warnings

                      checking /dev
                      checking for hidden files and directories
                      /usr/bin/unhide.rb

                      Are these warnings false positives?


                        #13
                        Yes.

                        /usr/bin/unhide.rb is a file used by Ruby, and it is supposed to be hidden.


                          #14
                          Originally posted by anonprivate:
                          Thank you for the information.

                          Regarding the command lines that you gave, I note that I do not get a command prompt back at the end. Is there a modification to the command line that will return the command prompt?
                          Assuming the buttons are in the same place in 14.04 as they are in 17.10, change the command to

                          Code:
                          sudo chkrootkit && bash
                          Then click the "advanced" tab and check the box which gives the option "run in terminal".

                          Originally posted by anonprivate:
                          On running rkhunter I see three warnings

                          checking /dev
                          checking for hidden files and directories
                          /usr/bin/unhide.rb

                          Are these warnings false positives?
                          The best thing to do for warnings is to copy and paste them into a search engine. As you will see, this is a false positive.

                          Edit: That's not meant to be snarky. You just get an instant answer rather than waiting around for a forum reply.
                          Last edited by Bings; Dec 30, 2017, 11:25 AM.
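
The warning triage discussed in posts #12 to #14, as an added example that is not part of the original thread: it pulls the warning entries out of an rkhunter log and hides the ones already reviewed, so a new warning stands out on the next run. The log excerpt is constructed (modelled on the `[HH:MM:SS] Warning:` lines rkhunter writes to its log), and the function names and the reviewed-list file are hypothetical.

```bash
#!/usr/bin/env bash
# Added example. Function names and the reviewed-list file are hypothetical.

# Constructed sample, modelled on "[HH:MM:SS] Warning: ..." rkhunter log lines.
sample_log() {
cat <<'EOF'
[11:02:14] Info: Starting test name 'filesystem'
[11:02:15] Warning: The command '/usr/bin/unhide.rb' has been replaced by a script: /usr/bin/unhide.rb: Ruby script, ASCII text
[11:02:20] Warning: Suspicious file types found in /dev:
[11:02:20]          /dev/shm/example.lock: data
[11:02:21] Warning: Hidden directory found: /etc/.java
[11:02:22] Info: End of test
EOF
}

# Print one line per warning: timestamp stripped, indented detail lines joined on.
rkh_warnings() {
  awk '
    { line = $0; sub(/^\[[0-9:]+\] /, "", line) }
    line ~ /^Warning: / { if (cur != "") print cur; cur = substr(line, 10); next }
    cur != "" && line ~ /^ +[^ ]/ { sub(/^ +/, "", line); cur = cur " " line; next }
    { if (cur != "") print cur; cur = "" }
    END { if (cur != "") print cur }
  '
}

# Print warnings that match no entry in the reviewed list ($2: one substring per
# line). Blank lines and # comments are skipped so they cannot hide everything.
rkh_unreviewed() {
  rkh_warnings < "$1" | awk -v list="$2" '
    BEGIN { while ((getline p < list) > 0) if (p !~ /^[ \t]*(#|$)/) pat[++n] = p }
    { for (i = 1; i <= n; i++) if (index($0, pat[i])) next; print }
  '
}

demo() {
  tmp=$(mktemp -d)
  sample_log > "$tmp/rkhunter.log"
  # Entry added only after checking the file, as the thread did for unhide.rb.
  printf '%s\n' '# reviewed false positives' '/usr/bin/unhide.rb' > "$tmp/reviewed.txt"
  rkh_unreviewed "$tmp/rkhunter.log" "$tmp/reviewed.txt"
  rm -rf "$tmp"
}
demo
```

On a real system the log is normally /var/log/rkhunter.log and needs root to read; an entry belongs in the reviewed list only after the file it names has been checked.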


                            #15
                            Originally posted by Snowhog:
                            Yes.

                            /usr/bin/unhide.rb is a file used by Ruby, and it is supposed to be hidden.
                            Thank you

                            Do you know why
                            checking /dev
                            checking for hidden files and directories
                            are given as warnings?