Installing Rkhunter (Rootkit Hunter) in RHEL, CentOS and Fedora

What Is Rkhunter?

Rkhunter (Rootkit Hunter) is an open source Unix/Linux based scanner tool for Linux systems released under GPL that scans backdoors, rootkits and local exploits on your systems. It scans hidden files, wrong permissions set on binaries, suspicious strings in kernel etc. To know more about Rkhunter and its features visit http://www.rootkit.nl/.

Installing Rkhunter (Rootkit Hunter) in RHEL, CentOS and Fedora

Step 1: Downloading Rkhunter

Login into putty

# cd /tmp
# wget http://rackmountain.com/scripts/rkhunter-1.4.2.tar.gz

Step 2: Installing Rkhunter

Once you have downloaded the latest version, run the following commands as a root user to install it.

# tar -xvf rkhunter-1.4.0.tar.gz
# cd rkhunter-1.4.0
# ./installer.sh --layout default --install

Step 3: Updating Rkhunter

Run the RKH updater to fill the database properties by running the following command.

# /usr/local/bin/rkhunter --update
# /usr/local/bin/rkhunter --propupd

Step 4: Setting Cronjob and Email Alerts

Create a file called rkhunter.sh under /etc/cron.daily/, which then scans your file system every day and sends email notifications to your email id. Create following file with the help of your favourite editor.

# vi /etc/cron.daily/rkhunter.sh

Add the following lines of code to it and replace “YourServerNameHere” with your “Server Name” and “your@email.com” with your “Email Id“.

#!/bin/sh
(
/usr/local/bin/rkhunter --versioncheck
/usr/local/bin/rkhunter --update
/usr/local/bin/rkhunter --cronjob --report-warnings-only
) | /bin/mail -s 'rkhunter Daily Run (PutYourServerNameHere)' your@email.com

Set execute permission on the file.

# chmod 755 /etc/cron.daily/rkhunter.sh

Step 5: Manual Scan and Usage

To scan the entire file system, run the Rkhunter as a root user.

# rkhunter --check

The above command generates log file under /var/log/rkhunter.log with the checks results made by Rkhunter. For more information and options please run the following command.

# rkhunter --help
  • 2 Users Found This Useful
Was this answer helpful?

Related Articles

Adding a range/block of ips

As an example to add a /24 253 ips to a linux server follow these setups. We'll use...

How can I check my hard disk usage in Linux?

Once you are connected to the server via SSH, run the following command:# df -hThis will output...

Test If Linux Server SCSI / SATA Hard Disk Going Bad

One of our regular sends us a question: How can I test if my hard disk is going bad? I see few...

How to Find Out Hard Disk Specs / Details on Linux

Linux comes with various commands to find out information about your hard drive. I recommend...

Monitoring Hard Drive Health on Linux with smartmontools

S.M.A.R.T. is a system in modern hard drives designed to report conditions that may indicate...

Powered by WHMCompleteSolution