How to install skdet for rkhunter for Performing Suckit Rookit additional checks?

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP











up vote
0
down vote

favorite












OS: Linux Mint 18.2 Cinnamon 64-bit



Although I don't use the rkhunter much, probably several times a year, today I decided to look at it.



I found in rkhunter log:



/var/log/rkhunter.log


that it seems to lack some skdet binary in the following section:



Performing Suckit Rookit additional checks


where it states, that:



Running skdet command [ Skipped ]
Info: Unable to find the 'skdet' command


Since there's no available package under this name, I wonder what it actually is, and quite frankly, how to install it?







share|improve this question
























    up vote
    0
    down vote

    favorite












    OS: Linux Mint 18.2 Cinnamon 64-bit



    Although I don't use the rkhunter much, probably several times a year, today I decided to look at it.



    I found in rkhunter log:



    /var/log/rkhunter.log


    that it seems to lack some skdet binary in the following section:



    Performing Suckit Rookit additional checks


    where it states, that:



    Running skdet command [ Skipped ]
    Info: Unable to find the 'skdet' command


    Since there's no available package under this name, I wonder what it actually is, and quite frankly, how to install it?







    share|improve this question






















      up vote
      0
      down vote

      favorite









      up vote
      0
      down vote

      favorite











      OS: Linux Mint 18.2 Cinnamon 64-bit



      Although I don't use the rkhunter much, probably several times a year, today I decided to look at it.



      I found in rkhunter log:



      /var/log/rkhunter.log


      that it seems to lack some skdet binary in the following section:



      Performing Suckit Rookit additional checks


      where it states, that:



      Running skdet command [ Skipped ]
      Info: Unable to find the 'skdet' command


      Since there's no available package under this name, I wonder what it actually is, and quite frankly, how to install it?







      share|improve this question












      OS: Linux Mint 18.2 Cinnamon 64-bit



      Although I don't use the rkhunter much, probably several times a year, today I decided to look at it.



      I found in rkhunter log:



      /var/log/rkhunter.log


      that it seems to lack some skdet binary in the following section:



      Performing Suckit Rookit additional checks


      where it states, that:



      Running skdet command [ Skipped ]
      Info: Unable to find the 'skdet' command


      Since there's no available package under this name, I wonder what it actually is, and quite frankly, how to install it?









      share|improve this question











      share|improve this question




      share|improve this question










      asked Nov 4 '17 at 15:38









      Vlastimil

      6,4711147120




      6,4711147120




















          1 Answer
          1






          active

          oldest

          votes

















          up vote
          0
          down vote



          accepted










          It is not available in packaged version, since having an unclear license, and its use is limited to your own risk as stated here.



          I have found it be hosted on some strangely named domain:



          https://dvgevers.home.xs4all.nl/skdet/



          And since I don't know if it will always be available there, I have just hosted it on my domain, untouched, see below backup links, if the originals become broken in time.



          First make some directory for the files.



          There are three files you will need:



          • skdet-1.0.tar.bz2 (Backup Link)


          • skdet-1.0.sha1 (Backup Link)


          • skdet-fix-includes.diff (Backup Link)


          More conveniently, you can use e.g. wget to download them directly from your terminal:



          wget https://www.vlastimilburian.cz/public/skdet/skdet-1.0.tar.bz2
          wget https://www.vlastimilburian.cz/public/skdet/skdet-1.0.sha1
          wget https://www.vlastimilburian.cz/public/skdet/skdet-fix-includes.diff


          Download them all to that directory you've created.



          Extract the bzip'ed file:



          tar -xjf skdet-1.0.tar.bz2


          It will expand one directory named skdet-1.0.



          Move the diff file into that directory:



          mv skdet-fix-includes.diff skdet-1.0/


          Edit the sha1 file, so that the last line:



          59bfb29bc1f7601027629453a39dc81508dd9df5 skdet-1.0/skdet-fix-includes.diff


          has 2 spaces between the hash and file name, otherwise it would be skipped.



          Then, let's check the integrity of those files:



          sha1sum --check skdet-1.0.sha1


          All should be OK.



          Now, we need to apply the patch file:



          cd skdet-1.0/
          patch -p 1 < skdet-fix-includes.diff


          It will say:



          patching file src/skdet.c
          patching file src/usage.c


          We don't need the diff file now:



          rm skdet-fix-includes.diff


          Though it already contains the binary pre-compiled, I rather compile myself, so...



          make clean


          Let's compile this thing already:



          make


          It will output one file named skdet.



          Just copy it where you like to have your own compiled binaries, for me:



          sudo cp skdet /usr/local/bin/


          And you're basically done.



          Just update your rkhunter's file properties database and virus database files:



          sudo rkhunter --propupd
          sudo rkhunter --update


          Finally, after your rkhunter command, for example:



          sudo rkhunter --check --enable all --disable none --skip-keypress


          Should result into such entry in the log file:



          sudo cat /var/log/rkhunter.log | grep -B 6 -A 1 "skdet command"

          [16:23:13] Performing additional rootkit checks
          [16:23:13]
          [16:23:13] Performing Suckit Rookit additional checks
          [16:23:13] Checking hard link count on '/sbin/init' [ OK ]
          [16:23:13] Checking for hidden file extensions [ None found ]
          [16:23:13] Info: Found the 'skdet' command: /usr/local/bin/skdet
          [16:23:13] Running skdet command [ OK ]
          [16:23:13] Suckit Rookit additional checks [ OK ]


          Voila!






          share|improve this answer






















            Your Answer







            StackExchange.ready(function()
            var channelOptions =
            tags: "".split(" "),
            id: "106"
            ;
            initTagRenderer("".split(" "), "".split(" "), channelOptions);

            StackExchange.using("externalEditor", function()
            // Have to fire editor after snippets, if snippets enabled
            if (StackExchange.settings.snippets.snippetsEnabled)
            StackExchange.using("snippets", function()
            createEditor();
            );

            else
            createEditor();

            );

            function createEditor()
            StackExchange.prepareEditor(
            heartbeatType: 'answer',
            convertImagesToLinks: false,
            noModals: false,
            showLowRepImageUploadWarning: true,
            reputationToPostImages: null,
            bindNavPrevention: true,
            postfix: "",
            onDemand: true,
            discardSelector: ".discard-answer"
            ,immediatelyShowMarkdownHelp:true
            );



            );













             

            draft saved


            draft discarded


















            StackExchange.ready(
            function ()
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f402521%2fhow-to-install-skdet-for-rkhunter-for-performing-suckit-rookit-additional-checks%23new-answer', 'question_page');

            );

            Post as a guest






























            1 Answer
            1






            active

            oldest

            votes








            1 Answer
            1






            active

            oldest

            votes









            active

            oldest

            votes






            active

            oldest

            votes








            up vote
            0
            down vote



            accepted










            It is not available in packaged version, since having an unclear license, and its use is limited to your own risk as stated here.



            I have found it be hosted on some strangely named domain:



            https://dvgevers.home.xs4all.nl/skdet/



            And since I don't know if it will always be available there, I have just hosted it on my domain, untouched, see below backup links, if the originals become broken in time.



            First make some directory for the files.



            There are three files you will need:



            • skdet-1.0.tar.bz2 (Backup Link)


            • skdet-1.0.sha1 (Backup Link)


            • skdet-fix-includes.diff (Backup Link)


            More conveniently, you can use e.g. wget to download them directly from your terminal:



            wget https://www.vlastimilburian.cz/public/skdet/skdet-1.0.tar.bz2
            wget https://www.vlastimilburian.cz/public/skdet/skdet-1.0.sha1
            wget https://www.vlastimilburian.cz/public/skdet/skdet-fix-includes.diff


            Download them all to that directory you've created.



            Extract the bzip'ed file:



            tar -xjf skdet-1.0.tar.bz2


            It will expand one directory named skdet-1.0.



            Move the diff file into that directory:



            mv skdet-fix-includes.diff skdet-1.0/


            Edit the sha1 file, so that the last line:



            59bfb29bc1f7601027629453a39dc81508dd9df5 skdet-1.0/skdet-fix-includes.diff


            has 2 spaces between the hash and file name, otherwise it would be skipped.



            Then, let's check the integrity of those files:



            sha1sum --check skdet-1.0.sha1


            All should be OK.



            Now, we need to apply the patch file:



            cd skdet-1.0/
            patch -p 1 < skdet-fix-includes.diff


            It will say:



            patching file src/skdet.c
            patching file src/usage.c


            We don't need the diff file now:



            rm skdet-fix-includes.diff


            Though it already contains the binary pre-compiled, I rather compile myself, so...



            make clean


            Let's compile this thing already:



            make


            It will output one file named skdet.



            Just copy it where you like to have your own compiled binaries, for me:



            sudo cp skdet /usr/local/bin/


            And you're basically done.



            Just update your rkhunter's file properties database and virus database files:



            sudo rkhunter --propupd
            sudo rkhunter --update


            Finally, after your rkhunter command, for example:



            sudo rkhunter --check --enable all --disable none --skip-keypress


            Should result into such entry in the log file:



            sudo cat /var/log/rkhunter.log | grep -B 6 -A 1 "skdet command"

            [16:23:13] Performing additional rootkit checks
            [16:23:13]
            [16:23:13] Performing Suckit Rookit additional checks
            [16:23:13] Checking hard link count on '/sbin/init' [ OK ]
            [16:23:13] Checking for hidden file extensions [ None found ]
            [16:23:13] Info: Found the 'skdet' command: /usr/local/bin/skdet
            [16:23:13] Running skdet command [ OK ]
            [16:23:13] Suckit Rookit additional checks [ OK ]


            Voila!






            share|improve this answer


























              up vote
              0
              down vote



              accepted










              It is not available in packaged version, since having an unclear license, and its use is limited to your own risk as stated here.



              I have found it be hosted on some strangely named domain:



              https://dvgevers.home.xs4all.nl/skdet/



              And since I don't know if it will always be available there, I have just hosted it on my domain, untouched, see below backup links, if the originals become broken in time.



              First make some directory for the files.



              There are three files you will need:



              • skdet-1.0.tar.bz2 (Backup Link)


              • skdet-1.0.sha1 (Backup Link)


              • skdet-fix-includes.diff (Backup Link)


              More conveniently, you can use e.g. wget to download them directly from your terminal:



              wget https://www.vlastimilburian.cz/public/skdet/skdet-1.0.tar.bz2
              wget https://www.vlastimilburian.cz/public/skdet/skdet-1.0.sha1
              wget https://www.vlastimilburian.cz/public/skdet/skdet-fix-includes.diff


              Download them all to that directory you've created.



              Extract the bzip'ed file:



              tar -xjf skdet-1.0.tar.bz2


              It will expand one directory named skdet-1.0.



              Move the diff file into that directory:



              mv skdet-fix-includes.diff skdet-1.0/


              Edit the sha1 file, so that the last line:



              59bfb29bc1f7601027629453a39dc81508dd9df5 skdet-1.0/skdet-fix-includes.diff


              has 2 spaces between the hash and file name, otherwise it would be skipped.



              Then, let's check the integrity of those files:



              sha1sum --check skdet-1.0.sha1


              All should be OK.



              Now, we need to apply the patch file:



              cd skdet-1.0/
              patch -p 1 < skdet-fix-includes.diff


              It will say:



              patching file src/skdet.c
              patching file src/usage.c


              We don't need the diff file now:



              rm skdet-fix-includes.diff


              Though it already contains the binary pre-compiled, I rather compile myself, so...



              make clean


              Let's compile this thing already:



              make


              It will output one file named skdet.



              Just copy it where you like to have your own compiled binaries, for me:



              sudo cp skdet /usr/local/bin/


              And you're basically done.



              Just update your rkhunter's file properties database and virus database files:



              sudo rkhunter --propupd
              sudo rkhunter --update


              Finally, after your rkhunter command, for example:



              sudo rkhunter --check --enable all --disable none --skip-keypress


              Should result into such entry in the log file:



              sudo cat /var/log/rkhunter.log | grep -B 6 -A 1 "skdet command"

              [16:23:13] Performing additional rootkit checks
              [16:23:13]
              [16:23:13] Performing Suckit Rookit additional checks
              [16:23:13] Checking hard link count on '/sbin/init' [ OK ]
              [16:23:13] Checking for hidden file extensions [ None found ]
              [16:23:13] Info: Found the 'skdet' command: /usr/local/bin/skdet
              [16:23:13] Running skdet command [ OK ]
              [16:23:13] Suckit Rookit additional checks [ OK ]


              Voila!






              share|improve this answer
























                up vote
                0
                down vote



                accepted







                up vote
                0
                down vote



                accepted






                It is not available in packaged version, since having an unclear license, and its use is limited to your own risk as stated here.



                I have found it be hosted on some strangely named domain:



                https://dvgevers.home.xs4all.nl/skdet/



                And since I don't know if it will always be available there, I have just hosted it on my domain, untouched, see below backup links, if the originals become broken in time.



                First make some directory for the files.



                There are three files you will need:



                • skdet-1.0.tar.bz2 (Backup Link)


                • skdet-1.0.sha1 (Backup Link)


                • skdet-fix-includes.diff (Backup Link)


                More conveniently, you can use e.g. wget to download them directly from your terminal:



                wget https://www.vlastimilburian.cz/public/skdet/skdet-1.0.tar.bz2
                wget https://www.vlastimilburian.cz/public/skdet/skdet-1.0.sha1
                wget https://www.vlastimilburian.cz/public/skdet/skdet-fix-includes.diff


                Download them all to that directory you've created.



                Extract the bzip'ed file:



                tar -xjf skdet-1.0.tar.bz2


                It will expand one directory named skdet-1.0.



                Move the diff file into that directory:



                mv skdet-fix-includes.diff skdet-1.0/


                Edit the sha1 file, so that the last line:



                59bfb29bc1f7601027629453a39dc81508dd9df5 skdet-1.0/skdet-fix-includes.diff


                has 2 spaces between the hash and file name, otherwise it would be skipped.



                Then, let's check the integrity of those files:



                sha1sum --check skdet-1.0.sha1


                All should be OK.



                Now, we need to apply the patch file:



                cd skdet-1.0/
                patch -p 1 < skdet-fix-includes.diff


                It will say:



                patching file src/skdet.c
                patching file src/usage.c


                We don't need the diff file now:



                rm skdet-fix-includes.diff


                Though it already contains the binary pre-compiled, I rather compile myself, so...



                make clean


                Let's compile this thing already:



                make


                It will output one file named skdet.



                Just copy it where you like to have your own compiled binaries, for me:



                sudo cp skdet /usr/local/bin/


                And you're basically done.



                Just update your rkhunter's file properties database and virus database files:



                sudo rkhunter --propupd
                sudo rkhunter --update


                Finally, after your rkhunter command, for example:



                sudo rkhunter --check --enable all --disable none --skip-keypress


                Should result into such entry in the log file:



                sudo cat /var/log/rkhunter.log | grep -B 6 -A 1 "skdet command"

                [16:23:13] Performing additional rootkit checks
                [16:23:13]
                [16:23:13] Performing Suckit Rookit additional checks
                [16:23:13] Checking hard link count on '/sbin/init' [ OK ]
                [16:23:13] Checking for hidden file extensions [ None found ]
                [16:23:13] Info: Found the 'skdet' command: /usr/local/bin/skdet
                [16:23:13] Running skdet command [ OK ]
                [16:23:13] Suckit Rookit additional checks [ OK ]


                Voila!






                share|improve this answer














                It is not available in packaged version, since having an unclear license, and its use is limited to your own risk as stated here.



                I have found it be hosted on some strangely named domain:



                https://dvgevers.home.xs4all.nl/skdet/



                And since I don't know if it will always be available there, I have just hosted it on my domain, untouched, see below backup links, if the originals become broken in time.



                First make some directory for the files.



                There are three files you will need:



                • skdet-1.0.tar.bz2 (Backup Link)


                • skdet-1.0.sha1 (Backup Link)


                • skdet-fix-includes.diff (Backup Link)


                More conveniently, you can use e.g. wget to download them directly from your terminal:



                wget https://www.vlastimilburian.cz/public/skdet/skdet-1.0.tar.bz2
                wget https://www.vlastimilburian.cz/public/skdet/skdet-1.0.sha1
                wget https://www.vlastimilburian.cz/public/skdet/skdet-fix-includes.diff


                Download them all to that directory you've created.



                Extract the bzip'ed file:



                tar -xjf skdet-1.0.tar.bz2


                It will expand one directory named skdet-1.0.



                Move the diff file into that directory:



                mv skdet-fix-includes.diff skdet-1.0/


                Edit the sha1 file, so that the last line:



                59bfb29bc1f7601027629453a39dc81508dd9df5 skdet-1.0/skdet-fix-includes.diff


                has 2 spaces between the hash and file name, otherwise it would be skipped.



                Then, let's check the integrity of those files:



                sha1sum --check skdet-1.0.sha1


                All should be OK.



                Now, we need to apply the patch file:



                cd skdet-1.0/
                patch -p 1 < skdet-fix-includes.diff


                It will say:



                patching file src/skdet.c
                patching file src/usage.c


                We don't need the diff file now:



                rm skdet-fix-includes.diff


                Though it already contains the binary pre-compiled, I rather compile myself, so...



                make clean


                Let's compile this thing already:



                make


                It will output one file named skdet.



                Just copy it where you like to have your own compiled binaries, for me:



                sudo cp skdet /usr/local/bin/


                And you're basically done.



                Just update your rkhunter's file properties database and virus database files:



                sudo rkhunter --propupd
                sudo rkhunter --update


                Finally, after your rkhunter command, for example:



                sudo rkhunter --check --enable all --disable none --skip-keypress


                Should result into such entry in the log file:



                sudo cat /var/log/rkhunter.log | grep -B 6 -A 1 "skdet command"

                [16:23:13] Performing additional rootkit checks
                [16:23:13]
                [16:23:13] Performing Suckit Rookit additional checks
                [16:23:13] Checking hard link count on '/sbin/init' [ OK ]
                [16:23:13] Checking for hidden file extensions [ None found ]
                [16:23:13] Info: Found the 'skdet' command: /usr/local/bin/skdet
                [16:23:13] Running skdet command [ OK ]
                [16:23:13] Suckit Rookit additional checks [ OK ]


                Voila!







                share|improve this answer














                share|improve this answer



                share|improve this answer








                edited Nov 4 '17 at 16:27

























                answered Nov 4 '17 at 15:38









                Vlastimil

                6,4711147120




                6,4711147120



























                     

                    draft saved


                    draft discarded















































                     


                    draft saved


                    draft discarded














                    StackExchange.ready(
                    function ()
                    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f402521%2fhow-to-install-skdet-for-rkhunter-for-performing-suckit-rookit-additional-checks%23new-answer', 'question_page');

                    );

                    Post as a guest













































































                    Popular posts from this blog

                    How to check contact read email or not when send email to Individual?

                    Displaying single band from multi-band raster using QGIS

                    How many registers does an x86_64 CPU actually have?