How to install skdet for rkhunter for Performing Suckit Rookit additional checks?
OS: Linux Mint 18.2 Cinnamon 64-bit

Although I don't use rkhunter much, probably several times a year, today I decided to look at it. I found in the rkhunter log, /var/log/rkhunter.log, that it seems to lack some skdet binary in the following section:

Performing Suckit Rookit additional checks

where it states that:

Running skdet command [ Skipped ]
Info: Unable to find the 'skdet' command

Since there's no available package under this name, I wonder what it actually is, and quite frankly, how to install it?

Tagged: rkhunter
asked Nov 4 '17 at 15:38
Vlastimil
1 Answer (accepted)
It is not available as a package, since it has an unclear license, and its use is at your own risk, as stated here.

I have found it to be hosted on some strangely named domain:

https://dvgevers.home.xs4all.nl/skdet/

And since I don't know if it will always be available there, I have hosted it on my domain, untouched; see the backup links below in case the originals become broken in time.

First make some directory for the files. There are three files you will need:

skdet-1.0.tar.bz2 (Backup Link)
skdet-1.0.sha1 (Backup Link)
skdet-fix-includes.diff (Backup Link)

More conveniently, you can use e.g. wget to download them directly from your terminal:

wget https://www.vlastimilburian.cz/public/skdet/skdet-1.0.tar.bz2
wget https://www.vlastimilburian.cz/public/skdet/skdet-1.0.sha1
wget https://www.vlastimilburian.cz/public/skdet/skdet-fix-includes.diff

Download them all to the directory you've created.

Extract the bzip'ed file:

tar -xjf skdet-1.0.tar.bz2

It will expand into one directory named skdet-1.0.

Move the diff file into that directory:

mv skdet-fix-includes.diff skdet-1.0/

Edit the sha1 file so that the last line:

59bfb29bc1f7601027629453a39dc81508dd9df5 skdet-1.0/skdet-fix-includes.diff

has 2 spaces between the hash and the file name, otherwise it would be skipped.

Then, let's check the integrity of those files:

sha1sum --check skdet-1.0.sha1

All should be OK.

Now, we need to apply the patch file:

cd skdet-1.0/
patch -p 1 < skdet-fix-includes.diff

It will say:

patching file src/skdet.c
patching file src/usage.c

We don't need the diff file now:

rm skdet-fix-includes.diff

Though it already contains the pre-compiled binary, I'd rather compile it myself, so...

make clean

Let's compile this thing already:

make

It will output one file named skdet.

Just copy it where you like to have your own compiled binaries, for me:

sudo cp skdet /usr/local/bin/

And you're basically done.

Just update your rkhunter's file properties database and virus database files:

sudo rkhunter --propupd
sudo rkhunter --update

Finally, after your rkhunter command, for example:

sudo rkhunter --check --enable all --disable none --skip-keypress

you should find an entry like this in the log file:

sudo cat /var/log/rkhunter.log | grep -B 6 -A 1 "skdet command"

[16:23:13] Performing additional rootkit checks
[16:23:13]
[16:23:13] Performing Suckit Rookit additional checks
[16:23:13] Checking hard link count on '/sbin/init' [ OK ]
[16:23:13] Checking for hidden file extensions [ None found ]
[16:23:13] Info: Found the 'skdet' command: /usr/local/bin/skdet
[16:23:13] Running skdet command [ OK ]
[16:23:13] Suckit Rookit additional checks [ OK ]

Voila!
edited Nov 4 '17 at 16:27
answered Nov 4 '17 at 15:38
Vlastimil