Install rkhunter (Rootkit Hunter) in Linux

Rootkit Hunter

Rootkit Hunter is a scanning tool that helps ensure, with about 99.9%* certainty, that your system is clean of nasty tools. It scans for rootkits, backdoors and local exploits by running tests such as:

– MD5 hash compare
– Look for default files used by rootkits
– Wrong file permissions for binaries
– Look for suspicious strings in LKM and KLD modules
– Look for hidden files
– Optional scan within plaintext and binary files

Installation:

yum install rkhunter

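or install from the source tarball. The download below is over plain HTTP, so verify the archive against a checksum or signature obtained from the rkhunter project before running the installer: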

cd /usr/local/src
wget http://scripts.hostxnow.com/rkhunter-1.4.0.tar.gz
tar -xzf rkhunter-1.4.0.tar.gz
cd rkhunter-1.4.0
./installer.sh --install

Update rkhunter's data files after installation:

rkhunter --update

Scanning:

You can run a scan using the following command:

rkhunter -c

You can view all the options available in rkhunter using the following command:

rkhunter --help

If you want to skip the interactive prompts, add the -sk option at the end:

rkhunter -c -sk

Setup Daily Scan Report:

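You can set up a scheduled scan report with a cron script as follows. Note that a script placed in /etc/cron.weekly runs once a week; put it in /etc/cron.daily instead if you want the report every day.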

nano /etc/cron.weekly/rkhunter.sh

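#!/bin/sh
# Check for a newer rkhunter release, refresh its data files, run the scan,
# and mail the combined output.
(
/usr/bin/rkhunter --versioncheck
/usr/bin/rkhunter --update
/usr/bin/rkhunter --cronjob --summary
) | /bin/mail -s "rkhunter (Corp)" you@example.com   # placeholder: use your own address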

chmod 750 /etc/cron.weekly/rkhunter.sh

You may need to change the script directory path in /etc/rkhunter.conf:

SCRIPTDIR=/usr/lib64/rkhunter/scripts
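
The cron job above mails a summary on every run, whether or not anything was found. As an added example (not part of the original post and not rkhunter's own code), the shell functions below read the scan log and send mail only when it shows warnings, a non-zero suspect count, or no completed scan. The function names, the RKH_LOG and RKH_MAILTO variables and the default log path are assumptions, and the sample log is constructed.

```shell
#!/bin/sh
# Added example. Log path and recipient defaults below are assumptions.

# Print the text of every "Warning:" entry in an rkhunter log, timestamp removed.
rkh_warnings() {
    sed -n 's/^\[[0-9:]*] Warning: //p' "$1"
}

# Print the last value logged for a summary label such as "Suspect files".
rkh_count() {
    sed -n "s/^\[[0-9:]*] $2 *: *\([0-9][0-9]*\).*/\1/p" "$1" | tail -n 1
}

# Classify a log: missing (no scan ran), incomplete (scan died before its
# summary), alert (something to read) or clean.
rkh_status() {
    [ -s "$1" ] || { echo missing; return 0; }
    grep -q 'System checks summary' "$1" || { echo incomplete; return 0; }
    warn=$(( $(rkh_warnings "$1" | wc -l) ))
    suspect=$(rkh_count "$1" "Suspect files")
    rootkits=$(rkh_count "$1" "Possible rootkits")
    if [ "$warn" -gt 0 ] || [ "${suspect:-0}" -gt 0 ] || [ "${rootkits:-0}" -gt 0 ]
    then echo alert
    else echo clean
    fi
}

# Cron entry point: scan quietly and send mail only when the log is not clean.
rkh_cron() {
    log=${RKH_LOG:-/var/log/rkhunter.log}    # assumed; see LOGFILE in rkhunter.conf
    /usr/bin/rkhunter --cronjob --report-warnings-only >/dev/null 2>&1 || :
    status=$(rkh_status "$log")
    [ "$status" = clean ] && return 0
    rkh_warnings "$log" | mail -s "rkhunter: $status on $(hostname)" "${RKH_MAILTO:-root}"
}

# Constructed sample log (not real scan output) for trying the functions offline.
rkh_sample_log() {
    cat <<'EOF'
[03:10:01] Info: Start date is Mon Jan  1 03:10:01 UTC 2024
[03:10:07]   /usr/bin/ldd                                    [ Warning ]
[03:10:07] Warning: The command '/usr/bin/ldd' has been replaced by a script
[03:12:40] System checks summary
[03:12:40] File properties checks...
[03:12:40] Files checked: 142
[03:12:40] Suspect files: 1
[03:12:40] Rootkits checked : 365
[03:12:40] Possible rootkits: 0
EOF
}
```

To use it from cron, end the script with a call to rkh_cron. A missing or incomplete log is reported rather than treated as clean, because a scan that never finished otherwise looks the same as one that found nothing.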

Author: Christopher Smith

I managed websites.
