Install rkhunter (Rootkit Hunter) in Linux




Rootkit Hunter

Rootkit Hunter is a scanning tool that helps ensure, with about 99.9%* certainty, that your system is clean of nasty tools. It scans for rootkits, backdoors and local exploits by running tests such as:

- MD5 hash compare
- Look for default files used by rootkits
- Wrong file permissions for binaries
- Look for suspected strings in LKM and KLD modules
- Look for hidden files
- Optional scan within plaintext and binary files


Installation:


root@server [~]# cd /usr/local/src
root@server [/usr/local/src]# wget http://ncu.dl.sourceforge.net/project/rkhunter/rkhunter/1.4.0/rkhunter-1.4.0.tar.gz
root@server [/usr/local/src]# tar -xzf rkhunter-1.4.0.tar.gz
root@server [/usr/local/src]# cd rkhunter-1.4.0
root@server [/usr/local/src/rkhunter-1.4.0]# ./installer.sh --install

Update rkhunter after installation.

root@server [~]# rkhunter --update

Scanning:

You can run a scan using the following command:

root@server [~]# rkhunter -c

You can view all of rkhunter's available options using the following command:

root@server [~]# rkhunter --help

If you want to skip the interactive prompts, add the -sk option at the end:

root@server [~]# rkhunter -c -sk


Setup Daily Scan Report:

You can set up a daily scan report with a cron job, as follows.

Create a file named /etc/cron.daily/rkhunter.sh with the following script.

==========================================================

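#!/bin/sh
# Daily rkhunter run: the output of all three commands is mailed as one message.

(
# Check whether a newer rkhunter release is available
/usr/local/bin/rkhunter --versioncheck
# Refresh rkhunter's data files
/usr/local/bin/rkhunter --update
# Run the scan non-interactively and print only warnings
/usr/local/bin/rkhunter --cronjob --report-warnings-only
) | /usr/bin/mail -s "rkhunter output" admin@yourdomain.com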

==========================================================
root@server [~]# chmod 750 /etc/cron.daily/rkhunter.sh
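
A variation on the cron script above, added here as an example and not part of the original post: it sends mail only when the scan prints something or exits non-zero, and it reports a scanner binary that has gone missing. The function names and the RKHUNTER, MAILER and MAILTO variables are made up for this example; the default paths and address are the post's.

```shell
#!/bin/sh
# Added example, not the post's script. Defaults are the post's paths and
# address; the variable and function names are hypothetical.
RKHUNTER="${RKHUNTER:-/usr/local/bin/rkhunter}"
MAILER="${MAILER:-/usr/bin/mail}"
MAILTO="${MAILTO:-admin@yourdomain.com}"

# Count the "Warning:" lines in scan output read from stdin.
count_warnings() {
    grep -c '^Warning:' || true    # grep exits 1 when the count is zero
}

# Subject carries host name and count so mail filters can sort on it.
build_subject() {
    printf 'rkhunter %s: %s warning(s)' "$(uname -n)" "$1"
}

send_report() {    # $1 = subject, message body on stdin
    "$MAILER" -s "$1" "$MAILTO"
}

daily_report() {
    # A scanner that has vanished or lost its exec bit is itself a finding.
    if [ ! -x "$RKHUNTER" ]; then
        echo "$RKHUNTER is missing or not executable" |
            send_report "rkhunter $(uname -n): scanner not runnable"
        return 2
    fi
    out=$("$RKHUNTER" --cronjob --report-warnings-only 2>&1)
    status=$?
    # Clean scan: no output and zero exit status, so send nothing.
    [ -z "$out" ] && [ "$status" -eq 0 ] && return 0
    n=$(printf '%s\n' "$out" | count_warnings)
    { echo "exit status: $status"; printf '%s\n' "$out"; } |
        send_report "$(build_subject "$n")"
    return 1
}

# Run only when installed under the post's file name (rkhunter.sh), so the
# functions can also be sourced elsewhere without starting a scan.
case "${0##*/}" in rkhunter*) daily_report ;; esac
```

An inbox that normally stays quiet makes a real warning, or a scanner that suddenly cannot run, much harder to overlook than a daily message that is usually empty.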


That's it...
