Installing Rkhunter (Rootkit Hunter)

First, download the latest stable version of the Rkhunter tool:

wget http://ncu.dl.sourceforge.net/project/rkhunter/rkhunter/1.4.0/rkhunter-1.4.0.tar.gz

Once you have downloaded the latest version, run the following commands as the root user to install it:

tar -xvf rkhunter-1.4.0.tar.gz
cd rkhunter-1.4.0
./installer.sh --layout default --install

Run the RKH updater and populate the file properties database by running the following commands:

/usr/local/bin/rkhunter --update
/usr/local/bin/rkhunter --propupd

The --propupd run records the current file properties as the baseline for later scans, so run it on a system you trust to be clean.

Create a file called rkhunter.sh under /etc/cron.daily/, which scans your file system every day and sends notifications to your email address:

nano /etc/cron.daily/rkhunter.sh

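Add the following lines to it, replacing "PutYourServerNameHere" with your server name and "[email protected]" with your email address:

#!/bin/sh
# Daily rkhunter run; the combined output of all three commands is mailed.
(
# Check whether a newer rkhunter release is available
/usr/local/bin/rkhunter --versioncheck
# Refresh rkhunter's data files
/usr/local/bin/rkhunter --update
# Scan non-interactively and report warnings only
/usr/local/bin/rkhunter --cronjob --report-warnings-only
) | /bin/mail -s 'rkhunter Daily Run (PutYourServerNameHere)' [email protected]

Set execute permission on the file: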

chmod 755 /etc/cron.daily/rkhunter.sh

To scan the entire file system manually, run Rkhunter as the root user:

rkhunter --check

The above command writes the results of its checks to the log file /var/log/rkhunter.log.
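
As an added example (not part of the original guide), the following shell functions pull only the warning entries out of /var/log/rkhunter.log so they can be reviewed without reading the whole file. The log layout (a `[HH:MM:SS]` timestamp, `Warning:` entries, detail lines indented by ten spaces) is an assumption, and the sample log and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the original guide.
# Assumption: warning entries look like "[HH:MM:SS] Warning: text" and their
# detail lines repeat the timestamp followed by at least ten spaces.

# Print each warning entry together with its indented detail lines.
rkh_warnings() {
    awk '
        BEGIN { pad = sprintf("%10s", "") }        # ten spaces
        /^\[[0-9:]+\] Warning: / { inwarn = 1; print; next }
        inwarn && substr($0, 11, 10) == pad && length($0) > 20 { print; next }
        { inwarn = 0 }                             # any other line ends the entry
    ' "$1"
}

# Print the number of warning entries (detail lines are not counted).
rkh_warning_count() {
    awk '/^\[[0-9:]+\] Warning: / { n++ } END { print n + 0 }' "$1"
}

# Constructed sample log (not output from a real scan; paths and hashes are made up).
rkh_sample_log() {
    cat <<'EOF'
[03:10:01] Info: Starting test name 'properties'
[03:10:02]   /usr/bin/awk                                    [ OK ]
[03:10:02]   /usr/bin/curl                                   [ Warning ]
[03:10:02] Warning: The file properties have changed:
[03:10:02]          File: /usr/bin/curl
[03:10:02]          Current hash: CONSTRUCTED-HASH-A
[03:10:02]          Stored hash : CONSTRUCTED-HASH-B
[03:10:03]   /usr/bin/find                                   [ OK ]
[03:10:09] Warning: Hidden directory found: /dev/.example
[03:10:10] Info: End date is (constructed)
EOF
}

# Stand-alone use: sh rkh_warnings.sh /var/log/rkhunter.log
if [ "$#" -gt 0 ]; then
    echo "warnings: $(rkh_warning_count "$1")"
    rkh_warnings "$1"
fi
```

On the constructed sample this reports two warning entries and prints five lines, keeping the file name and hash details next to the warning they belong to.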

For more information and options, run the following command:

rkhunter --help