Here’s how to install the Skdet dependency for RKHunter.

  1. Download the following files:

    1. skdet-1.0.sha1
    2. skdet-1.0.tar.bz2
    3. skdet-fix-includes.diff
  2. Extract the archive:

    tar -jxf skdet-1.0.tar.bz2
  3. Copy the .diff file into the skdet-1.0/ directory.

  4. Edit the skdet-1.0.sha1 file and add an extra space between the SHA-1 hash for the diff file and its file name (otherwise the check won’t run against it).

  5. Go into the skdet-1.0/ directory and run:

    make clean

    This will remove any previously compiled files.

  6. Check the sha1 values of all files from the parent directory of the skdet-1.0 directory:

    sha1sum -c skdet-1.0.sha1
  7. Make the skdet library with:

  8. Verify that the skdet library works with:

    sudo skdet -c
  9. Copy the skdet executable somewhere on your path with root privileges:

  10. Run a RKHunter scan with:

    sudo rkhunter -c --sk

    You should see this in your summary for your scan in the /var/log/rkhunter.log file:

    Info: Found the 'skdet' command: /usr/bin/skdet
         Running skdet command                         [ OK ]
         Suckit Rookit additional checks               [ OK ]

    You should also get the following warning:

    Warning: The file '/usr/bin/skdet' exists on the system, but it is not present in the 'rkhunter.dat' file.
  11. Update your data file with:

    sudo rkhunter --propupd

    And you should see something like:

    [ Rootkit Hunter version 1.4.0 ]
    File updated: searched for 168 files, found 138

    And you’re done.
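
Steps 4 and 6 only protect you if every entry in the checksum list is actually checked. The shell sketch below is an added example, not part of the original instructions: it normalizes single-space entries to the two-space form and fails unless every listed file verifies. The sample directory, file names and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page. Sample files are constructed.

# Rewrite "<sha1><one space><name>" entries to "<sha1><two spaces><name>",
# leaving correctly formatted ("  name" or " *name") lines untouched.
normalize_sha1_list() {
    sed -E 's/^([0-9a-fA-F]{40}) ([^ *].*)$/\1  \2/' "$1"
}

# Verify every entry of a checksum list from the current directory.
# Prints "<verified>/<listed>" and fails unless all listed files verified,
# so a skipped (malformed) line counts as a failure, not a silent pass.
verify_all() {
    fixed=$(mktemp) || return 1
    normalize_sha1_list "$1" > "$fixed"
    listed=$(grep -c -E '^[0-9a-fA-F]{40} ' "$fixed" || true)
    ok=$(LC_ALL=C sha1sum -c "$fixed" 2>/dev/null | grep -c ': OK$' || true)
    rm -f "$fixed"
    echo "$ok/$listed"
    [ "$listed" -gt 0 ] && [ "$ok" -eq "$listed" ]
}

# Build a constructed stand-in for the download directory: two files and a
# list whose second entry has only one space, as described in step 4.
make_sample() {
    d=$(mktemp -d) || return 1
    mkdir "$d/skdet-1.0"
    echo 'int main(void){return 0;}' > "$d/skdet-1.0/sample.c"
    echo '--- a/sample.c' > "$d/skdet-1.0/sample.diff"
    ( cd "$d" &&
      sha1sum skdet-1.0/sample.c > list.sha1 &&
      sha1sum skdet-1.0/sample.diff | sed 's/  / /' >> list.sha1 )
    echo "$d"
}

d=$(make_sample)
( cd "$d" && verify_all list.sha1 )            # both entries verify
echo tampered >> "$d/skdet-1.0/sample.diff"    # simulate a modified download
( cd "$d" && verify_all list.sha1 ) || echo "mismatch detected"
rm -rf "$d"
```

Run it from the parent directory of skdet-1.0/, as in step 6, passing the real list to `verify_all` in place of the constructed one.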