anti rookit – lifeLinux: Linux Tips, Hacks, Tutorials, Ebooks https://lifelinux.com All About Linux ! Thu, 20 Oct 2011 08:22:17 +0000 en-US hourly 1 https://wordpress.org/?v=5.5.3 How To Install Rootkit Hunter https://lifelinux.com/how-to-install-rootkit-hunter/ https://lifelinux.com/how-to-install-rootkit-hunter/#comments Fri, 03 Dec 2010 06:04:50 +0000 http://www.lifelinux.com/?p=253 Rootkit Hunter (rkhunter) is a Unix-based tool that scans for rootkits, backdoors and possible local exploits. It does this by comparing SHA-1 hashes of important files with known good ones in online database, searching for default directories (of rootkits), wrong permissions, hidden files, suspicious strings in kernel modules, and special tests for Linux and FreeBSD. […]

The post How To Install Rootkit Hunter appeared first on lifeLinux: Linux Tips, Hacks, Tutorials, Ebooks.

]]>

Rootkit Hunter (rkhunter) is a Unix-based tool that scans for rootkits, backdoors and possible local exploits. It does this by comparing SHA-1 hashes of important files with known good ones in online database, searching for default directories (of rootkits), wrong permissions, hidden files, suspicious strings in kernel modules, and special tests for Linux and FreeBSD.

Installation rkhunter in 5 steps

Step 1: Download rkhunter

Login your server as root, and type the following command

wget http://biznetnetworks.dl.sourceforge.net/project/rkhunter/rkhunter/1.3.8/rkhunter-1.3.8.tar.gz

Step 2: Extract rkhunter

tar -zxvf rkhunter-1.3.8.tar.gz

Step 3: Install rkhunter

cd rkhunter-1.3.8
sh installer.sh --install

The screen as shown:

Checking system for:
 Rootkit Hunter installer files: found
 A web file download command: wget found
Starting update:
 Checking installation directory "/usr/local": it exists and is writable.
 Checking installation directories:
  Directory /usr/local/share/doc/rkhunter-1.3.8: exists and is writable.
  Directory /usr/local/share/man/man8: exists and is writable.
  Directory /etc: exists and is writable.
  Directory /usr/local/bin: exists and is writable.
  Directory /usr/local/lib: exists and is writable.
  Directory /var/lib: exists and is writable.
  Directory /usr/local/lib/rkhunter/scripts: exists and is writable.
  Directory /var/lib/rkhunter/db: exists and is writable.
  Directory /var/lib/rkhunter/tmp: exists and is writable.
  Directory /var/lib/rkhunter/db/i18n: exists and is writable.
 Installing check_modules.pl: OK
 Installing filehashsha.pl: OK
 Installing stat.pl: OK
 Installing readlink.sh: OK
 Installing backdoorports.dat: OK
 Installing mirrors.dat: OK
 Installing programs_bad.dat: OK
 Installing suspscan.dat: OK
 Installing rkhunter.8: OK
 Installing ACKNOWLEDGMENTS: OK
 Installing CHANGELOG: OK
 Installing FAQ: OK
 Installing LICENSE: OK
 Installing README: OK
 Installing language support files: OK
 Installing rkhunter: OK
 Installing rkhunter.conf in no-clobber mode: OK
 >>>
 >>> PLEASE NOTE: inspect for update changes in "/etc/rkhunter.conf.24761",
 >>> and apply to either "/etc/rkhunter.conf" or your local configuration
 >>> file before running Rootkit Hunter.
 >>>
Update complete

Step 4: Update rkhunter

At prompt type the following command

rkhunter --update

Step 5:Adding daily cron job

If you want get a mail daily with a status on your system, you need to do the following in steps:
Create file rkhunter.sh

vi /etc/cron.daily/rkhunter.sh

Add the following code

#!/bin/sh
(
/usr/local/bin/rkhunter --versioncheck
/usr/local/bin/rkhunter --update
/usr/local/bin/rkhunter --cronjob --report-warnings-only
) | /bin/mail -s 'rkhunter Daily Run' yourname@example.com

Replace yourname@example.com above with your email.

Set execute permission for rkhunter.sh

chmod +x /etc/cron.daily/rkhunter.sh

The post How To Install Rootkit Hunter appeared first on lifeLinux: Linux Tips, Hacks, Tutorials, Ebooks.

]]> https://lifelinux.com/how-to-install-rootkit-hunter/feed/ 2