Here’s how to install the Skdet dependency for RKHunter.
Download the following files:
Extract the archive:
tar -jxf skdet-1.0.tar.bz2
Copy the .diff file into the skdet-1.0/ directory.
Update the skdet-1.0.sha1 file and add an extra space between the sha1 for the diff file and the file name. (otherwise the check won’t run against it.)
Go into the skdet-1.0/ directory and run:
This will remove any previously compiled files.
Check the sha1 values of all files from the parent directory of the skdet-1.0 directory:
Make the skdet library with:
Verify that the skdet library works with:
sudo skdet -c
Copy the skdet executable somewhere on your path with root priviledges:
Run a RKHunter scan with:
sudo rkhunter -c --sk
You should see this in your summary for your scan in the /var/log/rkhunter.log file:
Info: Found the 'skdet' command: /usr/bin/skdet Running skdet command [ OK ] Suckit Rookit additional checks [ OK ]
You should get the following error:
Warning: The file '/usr/bin/skdet' exists on the system, but it is not present in the 'rkhunter.dat' file.
Update your data file with:
sudo rkhunter --propupd
And you should see something like:
[ Rootkit Hunter version 1.4.0 ] File updated: searched for 168 files, found 138
And you’re done.