Here’s how to install the Skdet dependency for RKHunter.

  1. Download the following files:

    1. skdet-1.0.sha1
    2. skdet-1.0.tar.bz2
    3. skdet-fix-includes.diff
  2. Extract the archive: {.scrollx} tar -jxf skdet-1.0.tar.bz2

  3. Copy the .diff file into the skdet-1.0/ directory.

  4. Update the skdet-1.0.sha1 file and add an extra space between the sha1 for the diff file and the file name. (otherwise the check won’t run against it.)

  5. Go into the skdet-1.0/ directory and run: {.scrollx} make clean

    This will remove any previously compiled files.

  6. Check the sha1 values of all files from the parent directory of the skdet-1.0 directory: {.scrollx} sha1sum skdet-1.0.sha1

  7. Make the skdet library with:

  8. Verify that the skdet library works with: {.scrollx} sudo skdet -c

  9. Copy the skdet executable somewhere on your path with root priviledges: {.scrollx} /usr/bin

  10. Run a RKHunter scan with: {.scrollx} sudo rkhunter -c --sk

    You should see this in your summary for your scan in the /var/log/rkhunter.log file: {.scrollx} Info: Found the 'skdet' command: /usr/bin/skdet Running skdet command [ OK ] Suckit Rookit additional checks [ OK ]

    You should get the following error:

    Warning: The file '/usr/bin/skdet' exists on the system, but it is not present in the 'rkhunter.dat' file.
  11. Update your data file with:

    sudo rkhunter --propupd

    And you should see something like:

    [ Rootkit Hunter version 1.4.0 ]
    File updated: searched for 168 files, found 138

    And you’re done.