Integrated rkhunter for comprehensive rootkit/backdoor/exploit detection
alongside existing ImunifyAV, ClamAV, and Maldet scanners.
Features:
- Detection: is_rkhunter_installed() checks for installation
- Installation: Auto-enables EPEL, installs rkhunter, updates definitions
- Baseline: Initializes property database with --propupd
- Scanning: Uses --check --skip-keypress --report-warnings-only
- Reporting: Tracks warnings and detected rootkits
- Documentation: Added to installation guide with full instructions
Integration points:
- detect_scanners(): Added rkhunter to available scanners list
- show_scanner_installation_guide(): Added installation instructions
- install_all_scanners(): Added [4/4] installation with EPEL setup
- Standalone scanner: Added rkhunter detection and scan case
Scan behavior:
- Updates rootkit definitions before each scan
- Runs comprehensive system checks (no user interaction)
- Reports warnings count in summary
- Extracts found rootkits to infected_list
- Runs sequentially with other scanners
Research: Based on 2024-2025 best practices from rkhunter documentation
- Version: 1.4.6 (current stable)
- Free and open source
- Available in EPEL repository
cschantz
ce3a3857c5