Tutorial: How to Install RkHunter in Linux

How to Scan your Linux server for Malware and Rootkits

A. About RkHunter

rkhunter (Rootkit Hunter) is a Unix-based tool that scans for rootkits, backdoors and possible local exploits. It does this by comparing SHA-1 hashes of important files with known good ones in online databases, searching for default directories (of rootkits), wrong permissions, hidden files, suspicious strings in kernel modules, and special tests for Linux and FreeBSD.

B. Install Rootkit Hunter (RkHunter) Scanner in Linux Systems

First, download the latest stable version of the rkhunter tool.
[root@www ~]# wget http://ncu.dl.sourceforge.net/project/rkhunter/rkhunter/1.4.2/rkhunter-1.4.2.tar.gz
Once you have downloaded the latest version, run the following commands as a root user to install it.
[root@www ~]# tar -xvf rkhunter-1.4.2.tar.gz
[root@www ~]# cd rkhunter-1.4.2
[root@www rkhunter-1.4.2]# ./installer.sh --layout default --install
The installer reports when the installation is complete.

C. Updating Rkhunter

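Update rkhunter's data files, then record the current properties of the system files as the baseline that later scans compare against. Run --propupd only on a system you trust to be clean, because whatever is on disk at that moment becomes the known-good reference.
[root@www rkhunter-1.4.2]# rkhunter --update
[root@www rkhunter-1.4.2]# rkhunter --propupd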

D. Run RkHunter Automatically and send Email Alerts

To run rkhunter automatically, create a file rkhunter.sh under /etc/cron.daily/. It scans the file system every day and sends email notifications to your email address.
[root@www rkhunter-1.4.2]# nano /etc/cron.daily/rkhunter.sh
Paste the following lines:
#!/bin/sh
# Run the version check, data update and scan in one subshell and mail the combined output.
(
/usr/local/bin/rkhunter --versioncheck
/usr/local/bin/rkhunter --update
/usr/local/bin/rkhunter --cronjob --report-warnings-only
) | /bin/mail -s 'rkhunter Daily Run in Your Server' youremail@yourdomain.com
Save and exit by pressing ctrl+x and then Y. Next, set execute permission on the file.
[root@www rkhunter-1.4.2]# chmod 755 /etc/cron.daily/rkhunter.sh
To scan the entire file system, run rkhunter as the root user.
[root@www rkhunter-1.4.2]# rkhunter --check
Or, to skip the interactive prompts ("auto skip"), add the -sk option at the end:
[root@www ~]# rkhunter --check -sk

Please wait; the scan can take a long time depending on the system being scanned. It generates a log file at /var/log/rkhunter.log with the results of the checks made by rkhunter.
When the scan has finished, rkhunter shows a summary of the checks.

To view the log:
[root@www rkhunter-1.4.2]# cat /var/log/rkhunter.log
[root@www rkhunter-1.4.2]# grep Warning /var/log/rkhunter.log
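The grep above prints only lines that contain the word Warning, so the indented continuation lines that carry the detail of a warning are dropped. The script below is an added example, not part of the original tutorial: it prints each warning with its continuation lines and returns an exit status a cron job can act on. The function names and the log layout described in its comments are assumptions, and the sample log is constructed.

```shell
#!/bin/sh
# Added example, not from the original tutorial. Assumed log layout:
#   [HH:MM:SS] Warning: <text>          start of a warning entry
#   [HH:MM:SS]          <more detail>   indented continuation of that entry
#   [HH:MM:SS]   <check>   [ Result ]   per-check result line

# Print each warning entry with its continuation lines (grep drops those).
rkh_warning_blocks() {
    awk '
    { msg = $0; sub(/^\[[0-9:]+\] ?/, "", msg) }            # strip timestamp
    msg ~ /^Warning: / { inblk = 1; print msg; next }
    inblk && msg ~ /^ +[^ ]/ && msg !~ /\[ [A-Za-z ]+ \] *$/ {
        sub(/^ +/, "", msg); print "    " msg; next          # continuation
    }
    { inblk = 0 }' "$1"
}

# Number of warning entries in the log (grep -c exits 1 on zero matches).
rkh_warning_count() {
    grep -c '^\[[0-9:]*] Warning: ' "$1" || true
}

# Exit status: 0 = no warnings, 1 = warnings found, 2 = log unreadable.
rkh_triage() {
    [ -r "$1" ] || { echo "cannot read log: $1" >&2; return 2; }
    count=$(rkh_warning_count "$1")
    [ "$count" -eq 0 ] && return 0
    echo "$count warning(s) in $1:"
    rkh_warning_blocks "$1"
    return 1
}

# Constructed sample log (not real scan output).
rkh_sample_log() {
    cat <<'EOF'
[10:02:10]   /usr/bin/ls                                 [ OK ]
[10:02:11]   /usr/bin/lwp-request                        [ Warning ]
[10:02:11] Warning: The command '/usr/bin/lwp-request' has been replaced by a script
[10:03:02]   Checking if SSH root access is allowed      [ Warning ]
[10:03:02] Warning: The SSH and rkhunter configuration options should be the same:
[10:03:02]          SSH configuration option 'PermitRootLogin': yes
[10:03:02]          Rkhunter configuration option 'ALLOW_SSH_ROOT_USER': no
[10:03:05]   Checking for hidden files and directories   [ None found ]
EOF
}

# Demo on the constructed sample; on a real host: rkh_triage /var/log/rkhunter.log
demo=$(mktemp) && rkh_sample_log > "$demo"
rkh_triage "$demo" || true
rm -f "$demo"
```

In the daily cron script, the exit status of rkh_triage can decide whether a mail is sent at all, so a clean run produces no message.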
For more information and options, run the following command:
[root@www ~]# rkhunter --help

