Skdet dependency for RKHunter

Here’s how to install the Skdet dependency for RKHunter.

1. Download the following files:

   1. skdet-1.0.sha1
   2. skdet-1.0.tar.bz2
   3. skdet-fix-includes.diff

2. Extract the archive: {.scrollx} tar -jxf skdet-1.0.tar.bz2

3. Copy the .diff file into the skdet-1.0/ directory.

4. Update the skdet-1.0.sha1 file and add an extra space between the sha1 for the diff file and the file name. (otherwise the check won’t run against it.)

5. Go into the skdet-1.0/ directory and run: {.scrollx} make clean

   This will remove any previously compiled files.

6. Check the sha1 values of all files from the parent directory of the skdet-1.0 directory: {.scrollx} sha1sum skdet-1.0.sha1

7. Make the skdet library with:

   make

8. Verify that the skdet library works with: {.scrollx} sudo skdet -c

9. Copy the skdet executable somewhere on your path with root priviledges: {.scrollx} /usr/bin

10. Run a RKHunter scan with: {.scrollx} sudo rkhunter -c --sk

    You should see this in your summary for your scan in the /var/log/rkhunter.log file: {.scrollx} Info: Found the 'skdet' command: /usr/bin/skdet Running skdet command [ OK ] Suckit Rookit additional checks [ OK ]

    You should get the following error:

    Warning: The file '/usr/bin/skdet' exists on the system, but it is not present in the 'rkhunter.dat' file.

11. Update your data file with:

    sudo rkhunter --propupd

    And you should see something like:

    [ Rootkit Hunter version 1.4.0 ]
    File updated: searched for 168 files, found 138

    And you’re done.