How to Install RkHunter on Linux Server
Rootkit Hunter (RkHunter) is a scanning tool that helps ensure, to about 99.9%*, that your system is clean of nasty tools.
This tool scans for rootkits, backdoors and local exploits by running tests like: MD5 hash compare, looking for default files used by rootkits, wrong file permissions for binaries, looking for suspected strings in LKM and KLD modules, looking for hidden files, and an optional scan within plaintext and binary files.
Rootkit Hunter is released as a GPL-licensed project and is free for everyone to use.
Let us see the installation of Rootkit Hunter in detail.
RKHUNTER Installation steps
1) Download the latest Rootkit Hunter setup from http://sourceforge.net/projects/rkhunter/
root@server [#] wget http://space.dl.sourceforge.net/project/rkhunter/rkhunter/1.3.8/rkhunter-1.3.8.tar.gz
The system will download the file and the message below will appear:
--2011-01-06 14:28:42-- http://space.dl.sourceforge.net/project/rkhunter/rkhunter/1.3.8/rkhunter-1.3.8.tar.gz
Resolving space.dl.sourceforge.net... 92.46.53.163
Connecting to space.dl.sourceforge.net|92.46.53.163|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 241551 (236K) [application/x-gzip]
Saving to: `rkhunter-1.3.8.tar.gz'
100%[=======================================>] 241,551 19.9K/s in 18s
2011-01-06 14:29:03 (13.3 KB/s) - `rkhunter-1.3.8.tar.gz' saved [241551/241551]
2) Untar the downloaded Rootkit Hunter setup
root@server [#] tar -xvf rkhunter-1.3.8.tar.gz
3) Go into the Rootkit Hunter directory
root@server [#] cd rkhunter-1.3.8
4) Run the installer
root@server [#/rkhunter-1.3.8] sh installer.sh --layout /usr/local --install
It will display messages such as:
Checking system for:
Rootkit Hunter installer files: found
A web file download command: wget found
Starting installation:
Checking installation directory "/usr/local": it exists and is writable.
Checking installation directories:
Directory /usr/local/share/doc/rkhunter-1.3.8: creating: OK
Directory /usr/local/share/man/man8: exists and is writable.
Directory /usr/local/etc: exists and is writable.
.....
....
Installation complete
5) Now you can run a test scan with the command:
root@server [#/rkhunter-1.3.8] /usr/local/bin/rkhunter -c
6) To set up a daily scan report:
root@server [#] vi /etc/cron.daily/rkhunter.sh
In the file editor, enter:
#!/bin/bash
(/usr/local/bin/rkhunter -c --cronjob 2>&1 | mail -s "Daily Rkhunter ScanReport" email@domain.com)
Make the file executable:
chmod +x /etc/cron.daily/rkhunter.sh
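An added example, not part of the original tutorial: a variant of the daily script from step 6 that sends mail only when rkhunter reports something, so real warnings are not buried in identical daily reports. It assumes rkhunter's --rwo (report warnings only) option, the /usr/local install path used above and the same placeholder address; scan_and_report is a name chosen here.

```bash
#!/bin/bash
# Added example: quieter daily report for /etc/cron.daily/rkhunter.sh.
# RKHUNTER is the install path from step 4; MAILTO is a placeholder address.
RKHUNTER="${RKHUNTER:-/usr/local/bin/rkhunter}"
MAILER="${MAILER:-mail}"
MAILTO="${MAILTO:-email@domain.com}"

# Run the scan and mail the output only if rkhunter printed warnings
# or exited non-zero. Returns rkhunter's exit status to the caller.
scan_and_report() {
    local out status host
    host="$(uname -n)"
    # --cronjob: non-interactive run; --rwo: print warnings only
    out="$("$RKHUNTER" -c --cronjob --rwo 2>&1)"
    status=$?
    if [ -n "$out" ] || [ "$status" -ne 0 ]; then
        # Include the exit status so a crashed scan is distinguishable
        # from a scan that completed with warnings.
        printf '%s\n\nrkhunter exit status: %s\n' "$out" "$status" |
            "$MAILER" -s "rkhunter warnings on $host" "$MAILTO"
    fi
    return "$status"
}

if [ -x "$RKHUNTER" ]; then
    scan_and_report
else
    # cron mails anything written to stderr, so a missing scanner is noticed
    echo "rkhunter not found at $RKHUNTER; daily scan skipped" >&2
fi
```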
Feedback and queries are always welcome!