Rootkit Hunter (rkhunter) is a scanning tool that helps assure you, to about 99.9%*, that your system is clean of nasty tools.
This tool scans for rootkits, backdoors and local exploits by running tests such as: MD5 hash comparison, looking for default files used by rootkits, checking for wrong file permissions on binaries, looking for suspicious strings in LKM and KLD modules, looking for hidden files, and an optional scan within plaintext and binary files.
Rootkit Hunter is released as a GPL-licensed project and is free for everyone to use.
Let us see the installation of Rootkit Hunter in detail.
RKHUNTER Installation steps
1) Download the latest Rootkit Hunter setup from http://sourceforge.net/projects/rkhunter/
[email protected] [#] wget http://space.dl.sourceforge.net/project/rkhunter/rkhunter/1.3.8/rkhunter-1.3.8.tar.gz
The system will download the file and the message below will appear:
--2011-01-06 14:28:42-- http://space.dl.sourceforge.net/project/rkhunter/rkhunter/1.3.8/rkhunter-1.3.8.tar.gz
Resolving space.dl.sourceforge.net... 126.96.36.199
Connecting to space.dl.sourceforge.net|188.8.131.52|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 241551 (236K) [application/x-gzip]
Saving to: `rkhunter-1.3.8.tar.gz'
100%[=======================================>] 241,551 19.9K/s in 18s
2011-01-06 14:29:03 (13.3 KB/s) - `rkhunter-1.3.8.tar.gz' saved [241551/241551]
2) Untar the downloaded Rootkit Hunter setup
[email protected] [#] tar -xvf rkhunter-1.3.8.tar.gz
3) Go into the Rootkit Hunter directory
[email protected] [#] cd rkhunter-1.3.8
4) Run the installer
[email protected] [#/rkhunter-1.3.8] sh installer.sh --layout /usr/local --install
It will display a message such as:
Checking system for:
Rootkit Hunter installer files: found
A web file download command: wget found
Checking installation directory "/usr/local": it exists and is writable.
Checking installation directories:
Directory /usr/local/share/doc/rkhunter-1.3.8: creating: OK
Directory /usr/local/share/man/man8: exists and is writable.
Directory /usr/local/etc: exists and is writable.
5) Now you can run a test scan with the command:
[email protected] [#/rkhunter-1.3.8] /usr/local/bin/rkhunter -c
6) To set up a daily scan report:
[email protected] [#] vi /etc/cron.daily/rkhunter.sh
In the file editor, enter
#!/bin/bash
(/usr/local/bin/rkhunter -c --cronjob 2>&1 | mail -s "Daily Rkhunter ScanReport" [email protected])
Make the file executable
chmod +x /etc/cron.daily/rkhunter.sh
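A variant of the cron script above that mails only when the scan reports something, as an added example that is not part of the original post. The log path, the root recipient and the MAILER override are assumptions; the rkhunter path follows the /usr/local layout used in step 4.

```bash
#!/bin/bash
# Added example, not from the original post: mail a report only when a scan warns.
# Assumptions: the log path, the placeholder recipient, and the MAILER override.
RKHUNTER="${RKHUNTER:-/usr/local/bin/rkhunter}"  # from the --layout /usr/local install
LOG="${LOG:-/var/log/rkhunter.log}"              # assumed log location
MAILTO="${MAILTO:-root}"                         # placeholder recipient
MAILER="${MAILER:-mail}"                         # any mail(1)-compatible command

# Read an rkhunter log on stdin; print only its warning lines, timestamps removed.
extract_warnings() {
    sed -n -E 's/^\[[0-9:]+\] +//; /^Warning:|\[ Warning \]/p'
}

# Run the scan. Return 0 when it is clean; otherwise mail the warnings and return 1.
scan_and_report() {
    rc=0
    "$RKHUNTER" -c --cronjob --report-warnings-only --logfile "$LOG" \
        >/dev/null 2>&1 || rc=$?
    warnings=$(extract_warnings 2>/dev/null < "$LOG") || warnings=""
    if [ "$rc" -eq 0 ] && [ -z "$warnings" ]; then
        return 0
    fi
    printf 'rkhunter exit status: %s\n%s\n' "$rc" \
        "${warnings:-no warning lines found in $LOG}" |
        "$MAILER" -s "rkhunter warnings on $(uname -n)" "$MAILTO"
    return 1
}

# Run the scan only when installed under the cron file name (with or without .sh).
case "${0##*/}" in
    rkhunter|rkhunter.sh) scan_and_report ;;
esac
```

On Debian-family systems run-parts skips file names that contain a dot, so install the script there as /etc/cron.daily/rkhunter.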
Feedback and queries are always welcome!