For those of you who didn’t know, Rootkit Hunter (rkhunter) is a Unix-based tool that scans for rootkits, backdoors and possible local exploits. Rkhunter checks to see whether the binary files or system startup files have been modified, and performs various checks on the network interfaces, including checks for listening services and applications. Rkhunter runs on most Linux and UNIX systems. It can be run from the command line, but it can also be scheduled to execute on a daily basis as a cron job.
This article assumes you have at least basic knowledge of linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple. I will show you through the step by step installation rkhunter (rootkit hunter) on centos 6.
Step 1. Download rkhunter.
# cd /tmp
# wget http://ncu.dl.sourceforge.net/project/rkhunter/rkhunter/1.4.0/rkhunter-1.4.0.tar.gz
Step 2. Once you have downloaded the latest version, run the following commands as a root user to install it.
# tar -xvf rkhunter-1.4.0.tar.gz
# cd rkhunter-1.4.0
# ./installer.sh –layout default –install
Step 3. Run the RKH updater to fill the database properties by running the following command.
# /usr/local/bin/rkhunter –update
# /usr/local/bin/rkhunter –propupd
Step 4. Create a file called rkhunter.sh under /etc/cron.daily/, which then scans your file system every day and sends email notifications to your email id. Create following file with the help of your favourite editor.
Step. 5 Add the following lines of code to it and replace “YourServerNameHere” with your “hostname” and “firstname.lastname@example.org” with your administrator email.
/usr/local/bin/rkhunter –cronjob –report-warnings-only
) | /bin/mail -s ‘rkhunter Daily Run (YourHostnameHere)’ email@example.com
Step 6. Set execute permission on the file:
# chmod 755 /etc/cron.daily/rkhunter.sh
Step 7. You are done RKHunters has been installed, If you wish to run manual scan of the entire file system, run the Rkhunter as a root user.
For more information and options run the following command.
# rkhunter –help