Rootkit Hunter (rkhunter) is a Unix-based tool that scans for rootkits, backdoors and possible local exploits. It does this by comparing SHA-1 hashes of important files with known good ones in an online database, searching for the default directories of rootkits, wrong permissions, hidden files and suspicious strings in kernel modules, and running special tests for Linux and FreeBSD.
Installing rkhunter in 5 steps
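The file-property comparison described above, as an added example in shell (not rkhunter's own code): it records the SHA-1 hash, mode and owner of each file and later reports what differs. The function names are hypothetical, and GNU coreutils (sha1sum, stat -c) is assumed.

```shell
#!/bin/sh
# Added example (not rkhunter's code): record hash, mode and owner of files,
# then report any property that later differs from the recorded baseline.
# Assumes GNU coreutils (sha1sum, stat -c). Function names are hypothetical.
# Paths containing newlines are not supported.

# props FILE -> "sha1 mode uid:gid"
props() {
    printf '%s %s\n' "$(sha1sum < "$1" | cut -d' ' -f1)" \
                     "$(stat -c '%a %u:%g' -- "$1")"
}

# baseline_create FILE... -> one "sha1 mode uid:gid path" line per file
baseline_create() {
    for f in "$@"; do
        printf '%s %s\n' "$(props "$f")" "$f"
    done
}

# baseline_check DB -> prints findings; returns 1 if anything differs
baseline_check() {
    db=$1
    rc=0
    while read -r hash mode owner path; do
        if [ ! -f "$path" ]; then
            echo "MISSING $path"; rc=1; continue
        fi
        # Current properties: $1=hash $2=mode $3=owner
        set -- $(props "$path")
        [ "$1" = "$hash" ]  || { echo "HASH $path"; rc=1; }
        [ "$2" = "$mode" ]  || { echo "MODE $path $mode -> $2"; rc=1; }
        [ "$3" = "$owner" ] || { echo "OWNER $path $owner -> $3"; rc=1; }
    done < "$db"
    return "$rc"
}
```

A baseline is only as trustworthy as the moment it was taken and the place it is stored: create it on a known-clean system and keep a copy off the host.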
Step 1: Download rkhunter
Log in to your server as root and type the following command:
wget http://biznetnetworks.dl.sourceforge.net/project/rkhunter/rkhunter/1.3.8/rkhunter-1.3.8.tar.gz
Step 2: Extract rkhunter
tar -zxvf rkhunter-1.3.8.tar.gz
Step 3: Install rkhunter
cd rkhunter-1.3.8
sh installer.sh --install
The installer prints output like the following:
Checking system for:
Rootkit Hunter installer files: found
A web file download command: wget found
Starting update:
Checking installation directory "/usr/local": it exists and is writable.
Checking installation directories:
Directory /usr/local/share/doc/rkhunter-1.3.8: exists and is writable.
Directory /usr/local/share/man/man8: exists and is writable.
Directory /etc: exists and is writable.
Directory /usr/local/bin: exists and is writable.
Directory /usr/local/lib: exists and is writable.
Directory /var/lib: exists and is writable.
Directory /usr/local/lib/rkhunter/scripts: exists and is writable.
Directory /var/lib/rkhunter/db: exists and is writable.
Directory /var/lib/rkhunter/tmp: exists and is writable.
Directory /var/lib/rkhunter/db/i18n: exists and is writable.
Installing check_modules.pl: OK
Installing filehashsha.pl: OK
Installing stat.pl: OK
Installing readlink.sh: OK
Installing backdoorports.dat: OK
Installing mirrors.dat: OK
Installing programs_bad.dat: OK
Installing suspscan.dat: OK
Installing rkhunter.8: OK
Installing ACKNOWLEDGMENTS: OK
Installing CHANGELOG: OK
Installing FAQ: OK
Installing LICENSE: OK
Installing README: OK
Installing language support files: OK
Installing rkhunter: OK
Installing rkhunter.conf in no-clobber mode: OK
>>>
>>> PLEASE NOTE: inspect for update changes in "/etc/rkhunter.conf.24761",
>>> and apply to either "/etc/rkhunter.conf" or your local configuration
>>> file before running Rootkit Hunter.
>>>
Update complete
Step 4: Update rkhunter
At the prompt, type the following command:
rkhunter --update
Step 5: Add a daily cron job
If you want to receive a daily email with the status of your system, follow these steps:
Create the file rkhunter.sh:
vi /etc/cron.daily/rkhunter.sh
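Add the following code:
#!/bin/sh
(
# Check whether a newer rkhunter release is available
/usr/local/bin/rkhunter --versioncheck
# Refresh rkhunter's data files
/usr/local/bin/rkhunter --update
# Run the scan non-interactively and report warnings only
/usr/local/bin/rkhunter --cronjob --report-warnings-only
) | /bin/mail -s 'rkhunter Daily Run' [email protected]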
Replace [email protected] above with your email.
Set execute permission for rkhunter.sh:
chmod +x /etc/cron.daily/rkhunter.sh
2 comments
There is no space between ‘-‘ and install.
sh installer.sh -- install =====> sh installer.sh --install
I updated. Thanks, Hoskitani!