Hello Guest, if you read this, it means you are not registered. Click here to register a few simple steps, you will enjoy all the features of our Forum. Please note that nicknames are prohibited lewd or meaningless (no numbers or letters at random) and introduce yourself in the section for you to meet our community.
Install Linux Rkhunter (Rootkit Hunter) on Centos - Blogs - GOZEN Host Forums
View RSS Feed

GOZEN Host blogs

Install Linux Rkhunter (Rootkit Hunter) on Centos

Rate this Entry
by , 04-01-2014 at 03:25 PM (10332 Views)
At first let's answer a simple question -> What Is Rkhunter?
Well, Rkhunter (Rootkit Hunter) is an open source Unix/Linux based scanner tool for Linux systems released under GPL that scans backdoors, rootkits and local exploits on your systems.
It scans hidden files, wrong permissions set on binaries, suspicious strings in kernel etc.
To know more about Rkhunter and its features visit Rootkit.nl - Protect your machine.

Here we are going to help you install RKhunter on your Linux Dedicated/VPS box, step by step!
Step 1
First download the latest stable version of Rkhunter tool by going to Rootkit Hunter or use the following wget command to download the tar file to your box.

HTML Code:
# cd /tmp
# wget http://sourceforge.net/projects/rkhunter/files/rkhunter/1.4.2/rkhunter-1.4.2.tar.gz
*Notice when you read this post version might have changed so it's better to look up for the proper version first and adjust the wget command accordingly.
Step 2
Now that you have the latest version it's time to do some real work with RKhunter.
HTML Code:
# tar -xvf rkhunter-1.4.2.tar.gz
# cd rkhunter-1.4.2
# ./installer.sh --layout default --install
Step 3
Let's create a cron job and have an email alert whenever our box gets scaned by RKhunter
Create a file called rkhunter.sh under /etc/cron.daily/, which then scans your file system every day and sends email notifications to your email id.
HTML Code:
nano /etc/cron.daily/rkhunter.sh
Now add the following lines to that file:
HTML Code:
/usr/local/bin/rkhunter --versioncheck
/usr/local/bin/rkhunter --update
/usr/local/bin/rkhunter --cronjob --report-warnings-only
) | /bin/mail -s 'rkhunter Daily Run (YourServerName)' your@email.com
*make sure you change YouServerName and your email with your own values.
Save the file and then chmod so it has execute permissions.
HTML Code:
# chmod 755 /etc/cron.daily/rkhunter.sh
If you just installed RKhunter and you like to check your box for any problems you can manually run using the following command line:
HTML Code:
# rkhunter --check
Even though you can see the results on screen you can also check the log file that RKhunter creates under /var/log/rkhunter.log

Update RKhunter
If you want to update RHhunter (you always need to keep your box updated and patched don't forget that) you can execute the following commands using SSH.
HTML Code:
# /usr/local/bin/rkhunter --update
# /usr/local/bin/rkhunter --propupd

Submit "Install Linux Rkhunter (Rootkit Hunter) on Centos" to Digg Submit "Install Linux Rkhunter (Rootkit Hunter) on Centos" to del.icio.us Submit "Install Linux Rkhunter (Rootkit Hunter) on Centos" to StumbleUpon Submit "Install Linux Rkhunter (Rootkit Hunter) on Centos" to Twitter