How to Install RkHunter on Linux Server

Rootkit Hunter (RkHunter) is a scanning tool that helps assure you, to about 99.9%*, that your system is clean of nasty tools.
This tool scans for rootkits, backdoors and local exploits by running tests such as: MD5 hash comparison, looking for default files used by rootkits, checking for wrong file permissions on binaries, looking for suspected strings in LKM and KLD modules, looking for hidden files, and an optional scan within plaintext and binary files.
Rootkit Hunter is released as a GPL-licensed project and is free for everyone to use.

Let us see the installation of Rootkit Hunter in detail.

RKHUNTER Installation steps


1) Download the latest Rootkit Hunter setup from http://sourceforge.net/projects/rkhunter/

[email protected] [#] wget http://space.dl.sourceforge.net/project/rkhunter/rkhunter/1.3.8/rkhunter-1.3.8.tar.gz

The system downloads the file and displays output like the following:

--2011-01-06 14:28:42--  http://space.dl.sourceforge.net/project/rkhunter/rkhunter/1.3.8/rkhunter-1.3.8.tar.gz

Resolving space.dl.sourceforge.net... 92.46.53.163

Connecting to space.dl.sourceforge.net|92.46.53.163|:80... connected.

HTTP request sent, awaiting response... 200 OK
Length: 241551 (236K) [application/x-gzip]
Saving to: `rkhunter-1.3.8.tar.gz'
100%[=======================================>] 241,551     19.9K/s   in 18s
2011-01-06 14:29:03 (13.3 KB/s) - `rkhunter-1.3.8.tar.gz' saved [241551/241551]

2) Untar the downloaded Rootkit Hunter archive

[email protected] [#] tar -xvf rkhunter-1.3.8.tar.gz

3) Go into the Rootkit Hunter directory

[email protected] [#] cd rkhunter-1.3.8

4) Run the installer

[email protected] [#/rkhunter-1.3.8] sh installer.sh --layout /usr/local --install

It will display messages like the following:

Checking system for:

Rootkit Hunter installer files: found

A web file download command: wget found

Starting installation:

Checking installation directory "/usr/local": it exists and is writable.

Checking installation directories:

Directory /usr/local/share/doc/rkhunter-1.3.8: creating: OK

Directory /usr/local/share/man/man8: exists and is writable.

Directory /usr/local/etc: exists and is writable.

.....

....

Installation complete

5) Now you can run a test scan with the command:

[email protected] [#/rkhunter-1.3.8] /usr/local/bin/rkhunter -c

6) To set up a daily scan report:

[email protected] [#] vi /etc/cron.daily/rkhunter.sh

In the file editor, enter:

#!/bin/bash
(/usr/local/bin/rkhunter -c --cronjob 2>&1 | mail -s "Daily Rkhunter Scan Report" [email protected])

Make the file executable:

chmod +x /etc/cron.daily/rkhunter.sh
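
A variant of the step 6 cron script, as an added example that is not from the original post: it mails only when rkhunter prints warnings, and also when the rkhunter binary cannot be executed, so a scanner that has gone missing does not look like a clean day. The recipient root, the MAILER variable and the function names are assumptions; the install path comes from step 4.

```shell
#!/bin/bash
# Added example, not from the original post. Path follows step 4 (--layout /usr/local).
RKHUNTER="${RKHUNTER:-/usr/local/bin/rkhunter}"
MAILTO="${MAILTO:-root}"     # assumption: placeholder recipient, set your own
MAILER="${MAILER:-mail}"     # assumption: any mail(1)-compatible command

# Write only the warning lines of one scan to the file named in $1.
# Returns 0 = clean, 1 = warnings present, 2 = scanner missing or not executable.
scan_warnings() {
    [ -x "$RKHUNTER" ] || return 2
    # --cronjob: no colours or key prompts; --report-warnings-only: silent when clean.
    # The captured output, not the exit status, decides the result.
    "$RKHUNTER" --check --cronjob --report-warnings-only >"$1" 2>&1 || true
    [ -s "$1" ] && return 1
    return 0
}

# Run one scan and send mail only when there is something to act on.
daily_scan() {
    local out rc=0
    out="$(mktemp)" || return 2      # mktemp creates the file with mode 0600
    scan_warnings "$out" || rc=$?
    case "$rc" in
        1) "$MAILER" -s "rkhunter warnings on $(uname -n)" "$MAILTO" <"$out" ;;
        2) echo "Cannot execute $RKHUNTER" |
               "$MAILER" -s "rkhunter did NOT run on $(uname -n)" "$MAILTO" ;;
    esac
    rm -f "$out"
    return "$rc"
}

# Scan only when started from cron.daily, so the functions can be sourced and tested.
case "$0" in
    /etc/cron.daily/*) daily_scan ;;
esac
```

On Debian and Ubuntu, run-parts skips file names that contain a dot, so install the script there as /etc/cron.daily/rkhunter rather than rkhunter.sh.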

Feedback and queries are always welcome!


About Abhijit Sandhan

Loves Linux, Blogging, Traveling, Hiking and sharing knowledge!
