How to Install RkHunter on Linux Server

Share with all..

Rootkit (RkHunter) scanner is scanning tool to ensure you for about 99.9%* you're clean of nasty tools.
This tool scans for rootkits, backdoors and local exploits by running tests like:MD5 hash compare, Look for default files used by rootkits, Wrong file permissions for binaries,Look for suspected strings in LKM and KLD modules, Look for hidden files,Optional scan within plaintext and binary files.
Rootkit Hunter is released as GPL licensed project and free for everyone to use.

Let us see  the installation of Rootkit Hunter in detail.

RKHUNTER Installation steps

1) Download  latest Rootki Hunter setup from

[email protected][#]wget

system will download and below message will appear

--2011-01-06 14:28:42--


Connecting to||:80... connected.

HTTP request sent, awaiting response... 200 OKLength: 241551 (236K) [application/x-gzip]Saving to: `rkhunter-1.3.8.tar.gz'
100%[=======================================>] 241,551     19.9K/s   in 18s
2011-01-06 14:29:03 (13.3 KB/s) - `rkhunter-1.3.8.tar.gz' saved [241551/241551]

2) Untar the rootkit setup downloaded

[email protected] [#]tar -xvf rkhunter-1.3.8.tar.gz

3) Go in Rootkit Hunter direcory

[email protected] [#]cd rkhunter-1.3.8

4) Run the installer

[email protected] [#/rkhunter-1.3.8] sh --layout /usr/local --install

It will display message as

Checking system for:

Rootkit Hunter installer files: found

A web file download command: wget found

Starting installation:

Checking installation directory "/usr/local": it exists and is writable.

Checking installation directories:

Directory /usr/local/share/doc/rkhunter-1.3.8: creating: OK

Directory /usr/local/share/man/man8: exists and is writable.

Directory /usr/local/etc: exists and is writable.



Installation complete

5) Now you can run a test scan with the command:

[email protected] [#/rkhunter-1.3.8]/usr/local/bin/rkhunter -c

6)To setup a daily scan report:

[email protected][#]vi /etc/cron.daily/

In file editor, enter

#!/bin/bash(/usr/local/bin/rkhunter -c --cronjob 2>&1 | mail -s "Daily Rkhunter ScanReport" [email protected])

Change the user of file

chmod  x /etc/cron.daily/

If any feedback, queries are always welcome!

Share with all..

About Abhijit Sandhan

Loves Open Source, Blogging, Traveling, Hiking and sharing Knowledge!

Leave a Reply

Your email address will not be published. Required fields are marked *