Install rkhunter (Rootkit Hunter) in Linux


Install rkhunter (Rootkit Hunter) in Linux


Rootkit Hunter

Rootkit scanner is scanning tool to ensure you for about 99.9%* you're clean of nasty tools. This tool scans for rootkits, backdoors and local exploits by running tests like:

- MD5 hash compare
- Look for default files used by rootkits
- Wrong file permissions for binaries
- Look for suspected strings in LKM and KLD modules
- Look for hidden files
- Optional scan within plaintext and binary files


Installation:


root@server [~]# cd /usr/local/src
root@server [/usr/local/src]# wget http://ncu.dl.sourceforge.net/project/rkhunter/rkhunter/1.4.0/rkhunter-1.4.0.tar.gz
root@server [/usr/local/src]# tar -xzf rkhunter-1.4.0.tar.gz
root@server [/usr/local/src]# cd rkhunter-1.4.0
root@server [/usr/local/src/rkhunter-1.4.0]# ./installer.sh --install

Update rkhunter after installation.

root@server [~]# rkhunter --update

Scanning:

You can run a scan using the following command

root@server [~]# rkhunter -c

You can view all the available options with rkhunter using the following command

root@server [~]# rkhunter --help

If you want to skip the interactive prompts, add the -sk option at the end:

root@server [~]# rkhunter -c -sk


Setup Daily Scan Report:

You can setup a daily scan report by using a cron as like follows.

create a file named /etc/cron.daily/rkhunter.sh with the following script.

==========================================================
#!/bin/sh

( /usr/local/bin/rkhunter --versioncheck
/usr/local/bin/rkhunter --update
/usr/local/bin/rkhunter --cronjob --report-warnings-only
) | /usr/bin/mail -s "rkhunter output" admin@yourdomain.com

==========================================================
root@server [~]# chmod 750 /etc/cron.daily/rkhunter.sh


That's it...

This entry was posted by Arun Ghosh. Bookmark the permalink.