rkhunter

Would there by any chance be a GUI for rkhunter? I am finding the terminal for this program a whole lot difficult.

Unfortunately none seems to exist and since it’s a 3rd party tool (meaning not made by SUSE people or even contributors here or OBS) there’s not much we can do about it unless someone wants to take up the torch and create one from scratch (with modern toolkits it shouldn’t be that big of a mission but still…)

I find the rkhunter usage not very difficult.
I usually install it just after OS installation. Then launch it some times so:

rkhunter --versioncheck
rkhunter --update
rkhunter --propupd
rkhunter -c --rwo --sk --lang de

Then I suppose it runs in background

More difficult I find:
a) how to get the output as email
b) to interpret its output

By, geppino

this was found in repos.

one way or another I want to learn how to use it.

Naturally but rkhunter is not made by SUSE personnel or anyone related to it, it’s made by a 3rd party development team.

It’s just packaged for openSUSE, much like it is packaged for Ubuntu, RedHat etc.

what do these commands do…
rkhunter --propupd
rkhunter -c --rwo --sk --lang de

is there any way to make this do a manual scan?

Doesn’t it come with a man page

man rkhunter

thank you…

I keep getting “permissions denied”. The sudo command fixes that, but then I get commands not found.

I’m going to learn how to use this program yet…

Please do not (only) tell stories, but copy/paste what you do and see (the prompt, the command, the output and the next prompt) from your terminal emulation window in your post between CODE tags. You get the CODE tags by clicking on the # button in the tool bar of the post editor.

There is then far less to explain by you because we can all see exactly what you did and what you got.

And to “become root” in the terminal, you can do

su -

mind the - there.

Managed to update and scan but now there is a log file that I am to look at. I don’t know what program I am to use to open it. There is a padlock on the file itself.

Huh??? What do you mean with that?

Did you try to open it with an editor?

Or try to find out what sort of file it is

file <path-to-the-file>

Again, you tell things, but you do NOT show anything. Thus I cannot use its name, but used <path-to-the-file> instead. To inform us about it, a

ls -l <path-to-the-file>

would help here.

I do not know how to do these things that you are referring to.

Given the premise, that some time in the (near) future, the content of the log file will be read by the OP, maybe this might be some information worth considering in general.

https://en.wikipedia.org/wiki/Antivirus_software#Problems_caused_by_false_positives

(And I suspect that will be the time this thread gets really funny).

AK

You mean you are not able to type those commands?

You were already typing commands (as root) to run rkhunter, how come you are now unable to carry on? You know the file name of the log, thus do an ls and a file of it.

Else I am afraid the usage of rkhunter, which is a command line tool to be used by system managers/administrators, is beyond your present capacities.

And yes, Akoellh has a point. While I think that checking for root kits is a bit more useful than the useless checking for viruses on a Linux system, you really must be able to interpret what you find. It will take time to get enough experience with the product and how several mechanisms in your system function, to apply it with any chance of success.

I wouldn’t expect rkhunter to have changed much over time or on different distros, so you can do a Google search and just about every article about rkhunter will likely be helpful. Just don’t bother with anything that describes installation, because you’ve already installed from the openSUSE repos.

So,
The MAN pages are generally considered authoritative for their applications in general, but are as a rule also very minimalist. Many beginners find it difficult to read MAN pages, but should still try. A published rkhunter MAN page is at

https://linux.die.net/man/8/rkhunter

When you install any new application, it’s often useful to inspect the configuration file, because it describes how the application is configured to work. Sometimes you will want to modify some of the settings in the file for your own situation. Whenever you want to view text files (configuration files are usually text files, and log files often are, too), there are several commands you can use… popular choices are “cat” and “less” to view only but if you want to modify, you can use vim. For example

cat /etc/rkhunter.conf

Besides the commands “cat” and “less,” you can also open the file using a graphical text editor like the following command from your console, but I’d encourage you to instead try getting used to using non-graphical tools instead, you’ll be able to do things much faster once you get the hang of it

(From a root console)

kwrite /etc/rkhunter.conf

Besides the MAN pages, it looks like there are some additional help files installed at the following locations. Typically the FAQ and README files contain helpful information, since they are text files you can open these files like how I described above.

/usr/share/doc/packages/rkhunter-1.4.2/ACKNOWLEDGMENTS
/usr/share/doc/packages/rkhunter-1.4.2/CHANGELOG
/usr/share/doc/packages/rkhunter-1.4.2/FAQ
/usr/share/doc/packages/rkhunter-1.4.2/LICENSE
/usr/share/doc/packages/rkhunter-1.4.2/README
/usr/share/doc/packages/rkhunter-1.4.2/README.SUSE

A good beginner introduction to rkhunter is at the following

https://www.tecmint.com/install-rootkit-hunter-scan-for-rootkits-backdoors-in-linux/

The Internet is also a good source for any questions, like what “rkhunter --propupd” is supposed to do, it creates the base metadata any future scans are compared against.

https://sourceforge.net/p/rkhunter/wiki/propupd/

HTH,
TSU
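
The baseline idea described above (--propupd records file properties, later scans compare against them) and the false-positive point raised earlier in the thread, as an added example that is not part of any post and is not rkhunter's own code or database format. The function names and the one-line-per-file database layout are assumptions made for illustration; the files are constructed in a temporary directory.

```sh
#!/bin/sh
# Conceptual sketch only: NOT rkhunter's code or database format.
# Assumes GNU coreutils (sha256sum, stat -c); paths containing '|' are not handled.

# props FILE: print "sha256|mode:owner" for one file.
props() {
    printf '%s|%s\n' "$(sha256sum < "$1" | cut -d' ' -f1)" "$(stat -c '%a:%U' "$1")"
}

# record_baseline DB FILE...: store current properties (the role --propupd plays).
record_baseline() {
    db=$1; shift
    : > "$db"
    chmod 600 "$db"                 # a baseline other users can edit proves nothing
    for f in "$@"; do
        printf '%s|%s\n' "$f" "$(props "$f")" >> "$db"
    done
}

# check_baseline DB: compare files with the baseline (the role -c plays).
# Prints one "Warning:" line per difference; exit status is 1 if any were found.
check_baseline() {
    found=0
    while IFS='|' read -r f old_hash old_perm; do
        if [ ! -f "$f" ]; then
            echo "Warning: $f: file is missing"; found=1; continue
        fi
        now=$(props "$f")
        if [ "${now%%|*}" != "$old_hash" ]; then
            echo "Warning: $f: hash changed"; found=1
        elif [ "${now#*|}" != "$old_perm" ]; then
            echo "Warning: $f: mode/owner changed ($old_perm -> ${now#*|})"; found=1
        fi
    done < "$1"
    return "$found"
}

# Demo on constructed files in a temporary directory.
demo_dir=$(mktemp -d)
printf 'v1\n' > "$demo_dir/tool"
record_baseline "$demo_dir/db" "$demo_dir/tool"
check_baseline "$demo_dir/db" && echo "clean right after the baseline was recorded"
printf 'v2\n' > "$demo_dir/tool"    # stands in for a package update or for tampering
check_baseline "$demo_dir/db" || echo "change reported until the baseline is refreshed"
record_baseline "$demo_dir/db" "$demo_dir/tool"   # refresh only after verifying the change
check_baseline "$demo_dir/db" && echo "clean again after refreshing the baseline"
rm -rf "$demo_dir"
```

The check cannot tell a legitimate update from tampering; it only reports that the file no longer matches, which is why a warning after a package update needs interpreting before the baseline is refreshed.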