Installing and using RootKit Hunter on CentOS 5.3 (original)

Environment used for this article
CentOS 5.3



[root@localhost voilet]# wget http://cdnetworks-kr-2.dl.sourceforge.net/project/rkhunter/rkhunter/1.3.6/rkhunter-1.3.6.tar.gz

Extract the tarball

[root@localhost voilet]# tar -zxvf rkhunter-1.3.6.tar.gz

Enter the rkhunter directory

[root@localhost voilet]# cd rkhunter-1.3.6

Install (installer.sh places the script under /usr/local/bin)
[root@localhost rkhunter-1.3.6]# ./installer.sh --install

Run rkhunter

[root@localhost rkhunter-1.3.6]# /usr/local/bin/rkhunter --help

# A few of the more commonly used options

--checkall (-c)           : full system check, runs every rkhunter test (--checkall is the older spelling of -c, --check)
--createlogfile           : older option name; 1.3.6 writes /var/log/rkhunter.log by default, and -l, --logfile selects another file
--cronjob                 : for running from crontab; implies --check, --skip-keypress and --nocolors, so the output carries no colour codes
--report-warnings-only    : print only warnings, not the normal [ OK ] lines
--skip-application-check  : older option name for skipping the application version test (only if you have confirmed the system's packages are patched); in 1.3.6 individual tests are switched off with --disable, see --list tests for the names
--skip-keypress           : do not wait for a keypress after each group of tests
--quiet                   : quiet mode, no output at all (results go to the log only); it is not a lighter form of --report-warnings-only
--versioncheck            : check whether a newer rkhunter release exists

# For the full list, see the help output below

Usage: rkhunter {--check | --unlock | --update | --versioncheck |
                 --propupd [{filename | directory | package name},...] |
                 --list [{tests | {lang | languages} | rootkits}] |
                 --version | --help} [options]

Current options are:
         --append-log                  Append to the logfile, do not overwrite
         --bindir <directory>...       Use the specified command directories
     -c, --check                       Check the local system
  --cs2, --color-set2                  Use the second color set for output
         --configfile <file>           Use the specified configuration file
         --cronjob                     Run as a cron job
                                       (implies -c, --sk and --nocolors options)
         --dbdir <directory>           Use the specified database directory
         --debug                       Debug mode
                                       (Do not use unless asked to do so)
         --disable <test>[,<test>...]  Disable specific tests
                                       (Default is to disable no tests)
         --display-logfile             Display the logfile at the end
         --enable <test>[,<test>...]   Enable specific tests
                                       (Default is to enable all tests)
         --hash {MD5 | SHA1 | SHA224 | SHA256 | SHA384 | SHA512 |
                 NONE | <command>}     Use the specified file hash function
                                       (Default is SHA1, then MD5)
     -h, --help                        Display this help menu, then exit
--lang, --language <language>          Specify the language to use
                                       (Default is English)
         --list [tests | languages |   List the available test names, languages,
                 rootkits]             or checked for rootkits, then exit
     -l, --logfile [file]              Write to a logfile
                                       (Default is /var/log/rkhunter.log)
         --noappend-log                Do not append to the logfile, overwrite it
         --nocolors                    Use black and white output
         --nolog                       Do not write to a logfile
--nomow, --no-mail-on-warning          Do not send a message if warnings occur
   --ns, --nosummary                   Do not show the summary of check results
--novl, --no-verbose-logging           No verbose logging
         --pkgmgr {RPM | DPKG | BSD |  Use the specified package manager to obtain or
                   NONE}               verify file hash values. (Default is NONE)
         --propupd [file | directory | Update the entire file properties database,
                    package]...        or just for the specified entries
     -q, --quiet                       Quiet mode (no output at all)
  --rwo, --report-warnings-only        Show only warning messages
     -r, --rootdir <directory>         Use the specified root directory
   --sk, --skip-keypress               Don't wait for a keypress after each test
         --summary                     Show the summary of system check results
                                       (This is the default)
         --syslog [facility.priority]  Log the check start and finish times to syslog
                                       (Default level is authpriv.notice)
         --tmpdir <directory>          Use the specified temporary directory
         --unlock                      Unlock (remove) the lock file
         --update                      Check for updates to database files
   --vl, --verbose-logging             Use verbose logging (on by default)
     -V, --version                     Display the version number, then exit
         --versioncheck                Check for latest version of program
     -x, --autox                       Automatically detect if X is in use
     -X, --no-autox                    Do not automatically detect if X is in use


Example check run (output truncated after the first file properties lines). Any [ Warning ] result, such as the prerequisites line below, is explained in /var/log/rkhunter.log. Once a run on a host you trust to be clean comes back without warnings, rkhunter --propupd records the current file properties as the baseline that later checks compare against; do not run --propupd on a host you suspect is compromised, because it would store the tampered files as the baseline.

[root@localhost rkhunter-1.3.6]# /usr/local/bin/rkhunter --checkall
[ Rootkit Hunter version 1.3.6 ]

Checking system commands...

  Performing 'strings' command checks
    Checking 'strings' command                               [ OK ]

  Performing 'shared libraries' checks
    Checking for preloading variables                        [ None found ]
    Checking for preloaded libraries                         [ None found ]
    Checking LD_LIBRARY_PATH variable                        [ Not found ]

  Performing file properties checks
    Checking for prerequisites                               [ Warning ]
    /bin/awk                                                 [ OK ]
    /bin/basename                                            [ OK ]
    /bin/bash                                                [ OK ]
    /bin/cat                                                 [ OK ]
    /bin/chmod                                               [ OK ]
    /bin/chown                                               [ OK ]
    /bin/cp                                                  [ OK ]
    /bin/csh                                                 [ OK ]
    /bin/cut                                                 [ OK ]


Original to this site; please credit the source when reposting. 苦咖啡BLOG

[This entry was edited by 苦咖啡 on 2010-01-26 01:13 PM]
Tags: centos linux rootkit system check