The videos are getting more beautiful, and harder to make... They look awesome and make learning great!!
You are too kind. Thank you so much for all your support
Your video lessons on Pluralsight are superb.
I am glad you like videos here and on Pluralsight. They are a great company and fund my UA-cam work
This video has amazing information and is so clear. Today I learned so much about Linux, especially security. Thanks for all your work.
Thanks for the comment
I strongly recommend AGAINST messing with things like chkrootkit, rkhunter, etc. Having professionally run thousands of Linux machines since the mid 90's for small and big companies which you have heard of, I have never once found malware on a Linux box. I have seen intrusions via guessed passwords and Apache Struts vulnerabilities and similar, and I've seen DDoS software etc. installed in a very obvious way. But I've never seen anything which would have been detected by chkrootkit or rkhunter. And what was installed would not have been prevented (not just detected but prevented) entirely by SELinux. I have been unable to find anyone who ever actually found something other than a false positive using this tool. You are better off using more powerful security tools like SELinux or osquery for FIM if that's what you want. If you worry about your ps and ls etc. being somehow backdoored, you want SELinux and FIM such as osquery.

When you run rkhunter it tells you what it is looking for. I googled the first 12. Everything that came up seems to be referencing the fact that rkhunter looks for these things. I also checked out when each of these were current threats:

55808 Trojan - Variant A [ Not found ] 2003
ADM Worm [ Not found ] 1998
AjaKit Rootkit [ Not found ] Couldn't find a date for this one or any references at all really except in rkhunter.
Adore Rootkit [ Not found ] 2004
aPa Kit [ Not found ] Couldn't find a date for this one either.
Apache Worm [ Not found ] 2002
Ambient (ark) Rootkit [ Not found ] 2000
Balaur Rootkit [ Not found ] 1999
BeastKit Rootkit [ Not found ] 2002
beX2 Rootkit [ Not found ] Couldn't find a date
BOBKit Rootkit [ Not found ] 2002
cb Rootkit [ Not found ] Couldn't find a date

2004 being the most recent one I could identify. That's 15 years ago. If you are running a system vulnerable to 15 year old (or older) malware you get what you deserve. But so far through my googling I couldn't find where anyone said that rkhunter had actually found anything. I found a number of false positives though. Even on my system it found a false positive:

[00:59:32] Warning: Network TCP port 7000 is being used by /usr/bin/ssh. Possible rootkit: Possible rogue IRC bot
Use the 'lsof -i' or 'netstat -an' command to check this.

I checked it out and port 7000 is one of my standard port forwards to access a service on an internal network when I connect to the bastion host. So that's legit.

I am even more convinced that this is nothing more than cargo cult security and a bit of the Windows antivirus scanner mentality leaking over into Linux. If you harden your box, keep SELinux enabled, require pubkey and don't allow root ssh login, you won't need this stuff, and if you ever do need it the chances of it actually finding anything modern are very slim. So far there is no evidence that anyone has actually used these things to find a rootkit.

And if you are ever so concerned that you have been compromised that you resort to running rkhunter, you had better just reinstall the box anyway.
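The triage the commenter describes (an rkhunter port warning, checked by hand against what the admin already knows is listening) can be scripted so that only unexplained listeners get escalated. The following is an added example written for this page; it is not the commenter's code and not part of rkhunter. It parses warning lines in the exact format quoted above, compares each (port, binary) pair with a constructed allowlist of expected listeners, and returns the `lsof -i :PORT` check the warning text itself points to for anything that is not on the list. The allowlist entries and the sample log are constructed for illustration.

```python
"""Triage rkhunter 'Network TCP port ... is being used by ...' warnings.

Added example for this page, not code from the comment thread or from
rkhunter. The allowlist and the sample log below are constructed.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

# Matches the warning line format quoted in the comment above.
WARNING_RE = re.compile(
    r"^\[(?P<time>\d{2}:\d{2}:\d{2})\] Warning: Network TCP port (?P<port>\d+) "
    r"is being used by (?P<binary>\S+)\. Possible rootkit: (?P<rootkit>.+)$"
)


@dataclass(frozen=True)
class PortWarning:
    time: str
    port: int
    binary: str
    rootkit: str


def parse_warnings(log_text: str) -> List[PortWarning]:
    """Extract every network-port warning from rkhunter log output."""
    found = []
    for line in log_text.splitlines():
        m = WARNING_RE.match(line.strip())
        if m:
            found.append(PortWarning(m["time"], int(m["port"]), m["binary"], m["rootkit"]))
    return found


# Constructed allowlist: (port, binary) pairs this host is expected to have.
# Port 7000 is the SSH local forward the commenter mentions; 22 is sshd itself.
KNOWN_LISTENERS: Set[Tuple[int, str]] = {
    (7000, "/usr/bin/ssh"),   # local forward to an internal service via the bastion
    (22, "/usr/sbin/sshd"),
}


def triage(warnings: List[PortWarning],
           known: Set[Tuple[int, str]] = KNOWN_LISTENERS) -> Dict[str, List[PortWarning]]:
    """Split warnings into 'expected' (on the allowlist) and 'investigate'."""
    result: Dict[str, List[PortWarning]] = {"expected": [], "investigate": []}
    for w in warnings:
        bucket = "expected" if (w.port, w.binary) in known else "investigate"
        result[bucket].append(w)
    return result


def suggested_check(w: PortWarning) -> str:
    """The manual verification step rkhunter's own hint recommends."""
    return f"lsof -i :{w.port}"


# Constructed sample: the real warning from the comment plus one unknown listener.
SAMPLE_LOG = """\
[00:59:32] Warning: Network TCP port 7000 is being used by /usr/bin/ssh. Possible rootkit: Possible rogue IRC bot
Use the 'lsof -i' or 'netstat -an' command to check this.
[00:59:33] Warning: Network TCP port 6667 is being used by /usr/local/bin/relayd. Possible rootkit: Possible rogue IRC bot
"""


def run_sample() -> Dict[str, List[PortWarning]]:
    """Parse and triage the constructed sample log."""
    return triage(parse_warnings(SAMPLE_LOG))


if __name__ == "__main__":
    buckets = run_sample()
    for w in buckets["expected"]:
        print(f"expected:    port {w.port} by {w.binary}")
    for w in buckets["investigate"]:
        print(f"investigate: port {w.port} by {w.binary} -> run: {suggested_check(w)}")
```

The allowlist is the important part: it encodes the admin's own knowledge (which forwards and daemons belong on the box), which is exactly what rkhunter's generic port list lacks. Anything the script cannot explain still needs the manual `lsof -i` check, and, as the comment says, a genuinely suspect host is better reinstalled than cleaned.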
Keep the subtitles; for Spanish people like me they help a lot.
Thank you very much! Great video!
Thanks Chris
Thanks. I was using it on cPanel servers.
Thank you
Thanks