Install rkhunter (Rootkit Hunter) in Linux

Rootkit Hunter

Rootkit scanner is a scanning tool that helps ensure, to about 99.9%*, that your system is clean of nasty tools. It scans for rootkits, backdoors and local exploits by running tests such as:

- MD5 hash compare
- Look for default files used by rootkits
- Wrong file permissions for binaries
- Look for suspicious strings in LKM and KLD modules
- Look for hidden files
- Optional scan within plaintext and binary files
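
The hash-compare and file-permission tests in the list above come down to recording known-good properties of binaries and comparing a later scan against that record. The script below is an added illustration of that idea, not rkhunter's code and not part of the original post; it uses SHA-256 in place of MD5, and the `snapshot` and `compare` function names and the finding labels are made up for this example.

```shell
#!/bin/sh
# Added illustration (not rkhunter code): baseline-and-compare over a directory.
# Function names and finding labels are hypothetical. Needs GNU stat, sha256sum.
# Paths containing tabs or newlines are not supported.

# snapshot DIR: one tab-separated record per regular file: mode, sha256, path.
snapshot() {
    find "$1" -type f | LC_ALL=C sort | while IFS= read -r _f; do
        printf '%s\t%s\t%s\n' "$(stat -c '%a' "$_f")" \
            "$(sha256sum "$_f" | cut -d' ' -f1)" "$_f"
    done
}

# compare BASELINE DIR: print one finding per line; return 1 if anything differs.
compare() {
    _cur=$(mktemp) || return 2
    snapshot "$2" > "$_cur"
    _rc=0
    awk -F'\t' '
        # First file is the stored baseline: remember mode and hash per path.
        FILENAME == ARGV[1] { mode[$3] = $1; hash[$3] = $2; next }
        { seen[$3] = 1 }
        # Last octal digit 2, 3, 6 or 7 means the "other" write bit is set.
        $1 ~ /[2367]$/      { print "WORLD_WRITABLE " $3; bad = 1 }
        !($3 in hash)       { print "ADDED " $3; bad = 1; next }
        # Appending "" forces string comparison, never numeric.
        hash[$3] "" != $2 "" { print "HASH_CHANGED " $3; bad = 1 }
        mode[$3] "" != $1 "" { print "MODE_CHANGED " $3 " " mode[$3] "->" $1; bad = 1 }
        END {
            for (p in hash) if (!(p in seen)) { print "MISSING " p; bad = 1 }
            exit bad + 0
        }
    ' "$1" "$_cur" || _rc=$?
    rm -f "$_cur"
    return "$_rc"
}

# Usage: script snapshot DIR > baseline ; script compare baseline DIR
case "${1:-}" in
    snapshot) snapshot "$2" ;;
    compare)  compare "$2" "$3" ;;
esac
```

A baseline like this is only trustworthy if it is taken on a known-clean system and stored where an intruder with root on the host cannot rewrite it.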


root@server [~]# cd /usr/local/src
root@server [/usr/local/src]# wget
root@server [/usr/local/src]# tar -xzf rkhunter-1.4.0.tar.gz
root@server [/usr/local/src]# cd rkhunter-1.4.0
root@server [/usr/local/src/rkhunter-1.4.0]# ./ --install

Update rkhunter after installation.

root@server [~]# rkhunter --update


You can run a scan using the following command:

root@server [~]# rkhunter -c

You can view all of rkhunter's available options using the following command:

root@server [~]# rkhunter --help

If you want to skip the interactive prompts, add the -sk option at the end:

root@server [~]# rkhunter -c -sk

Set Up a Daily Scan Report:

You can set up a daily scan report using a cron job as follows.

Create a file named /etc/cron.daily/ with the following script.


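#!/bin/sh
# Check for a newer rkhunter release, refresh its data files, then run a
# non-interactive scan that reports warnings only.
# The combined output is mailed; the recipient address follows the subject.
(
/usr/local/bin/rkhunter --versioncheck
/usr/local/bin/rkhunter --update
/usr/local/bin/rkhunter --cronjob --report-warnings-only
) | /usr/bin/mail -s "rkhunter output"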

root@server [~]# chmod 750 /etc/cron.daily/

That's it...

This entry was posted by Arun Ghosh.