Rkhunter is a Unix-based tool that scans for rootkits, backdoors and possible local exploits. It checks whether binary files or system startup files have been modified and performs various checks on the network interfaces, including checks for listening services and applications.
- Download rkhunter
wget http://downloads.sourceforge.net/project/rkhunter/rkhunter/1.4.2/rkhunter-1.4.2.tar.gz
tar xzfv rkhunter-1.4.2.tar.gz
cd rkhunter-1.4.2
./installer.sh --install --layout default
Once you have done the installation, update rkhunter by running the commands below:
# rkhunter --update
# rkhunter --propupd
- Manual Scan
Use the following command to perform a test scan of your server:
# rkhunter -c
- Add cron job
Set up a daily cron job on your server by editing the file /etc/cron.daily/rkhunter-cron.sh
# sudo nano /etc/cron.daily/rkhunter-cron.sh
#!/bin/sh
(
rkhunter --versioncheck
rkhunter --update
rkhunter -c --cronjob
) | mail -s 'rkhunter Daily Check' [email protected]
Add the mail address where you want to receive the cron job activity.
Set the permission: execute the following command to make the script executable.
# chmod +x /etc/cron.daily/rkhunter-cron.sh
You have successfully installed rootkit hunter.
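The daily mail from the cron job above is only useful if its warnings stand out, so this added example (not part of the original tutorial or the rkhunter project) extracts the warning details from an rkhunter log and builds a mail subject carrying the warning count. The log line layout, the function names and the sample log are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original tutorial.
# Assumption: detail lines look like "[HH:MM:SS] Warning: <text>", and the
# matching check line ends in "[ Warning ]". The sample log is constructed.

sample_log() {
cat <<'EOF'
[03:10:01] Info: Starting test name 'properties'
[03:10:02]   /usr/bin/curl                                   [ OK ]
[03:10:02]   /usr/bin/lwp-request                            [ Warning ]
[03:10:02] Warning: The command '/usr/bin/lwp-request' has been replaced by a script
[03:10:09]   Checking for passwd file changes                [ None found ]
[03:10:15]   Checking if SSH root access is allowed          [ Warning ]
[03:10:15] Warning: The SSH and rkhunter configuration options should be the same
[03:10:20] Info: End of constructed sample
EOF
}

# Print only the warning details, with the timestamp prefix removed.
# Matching "Warning:" lines (not "[ Warning ]") avoids counting each hit twice.
rkhunter_warnings() {
    sed -n -E 's/^\[[0-9:]+\] Warning: //p' "$1"
}

# Build a mail subject that shows at a glance whether the report needs reading.
rkhunter_subject() {
    count=$(rkhunter_warnings "$1" | wc -l | tr -d ' ')
    if [ "$count" -eq 0 ]; then
        echo "rkhunter: clean"
    else
        echo "rkhunter: $count warning(s)"
    fi
}

# Demo on the constructed sample; a cron job would pass the real log path.
tmp=$(mktemp)
sample_log > "$tmp"
rkhunter_subject "$tmp"
rkhunter_warnings "$tmp"
rm -f "$tmp"
```

In the cron script, the output of rkhunter_subject can be passed to mail -s in place of the fixed subject, with the path of your rkhunter log file as the argument.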