Friday, 23 August 2013

How to install Rkhunter (Rootkit Hunter) in centos

Rkhunter (Rootkit Hunter)  that scans backdoors, rootkits and local exploits on your systems. It scans hidden files, wrong permissions set on binaries, suspicious strings in kernel etc.

Download the package

# cd /opt/hunter
# wget http://ncu.dl.sourceforge.net/project/rkhunter/rkhunter/1.4.0/rkhunter-1.4.0.tar.gz

Run the following commands as root

# tar -xvf rkhunter-1.4.0.tar.gz
# cd rkhunter-1.4.0
# ./installer.sh --layout default --install


Fill up the database properties

# /usr/local/bin/rkhunter --update
# /usr/local/bin/rkhunter --propupd


Setup cronjob and Email alert for daily

Create a file called rkhunter.sh under /etc/cron.daily/ which scans your system daily

# vi /etc/cron.daily/rkhunter.sh

replace “ServerNameHere” with "YourServerName” and “your@email.com” with your “Email Id“.


#!/bin/sh
(
/usr/local/bin/rkhunter --versioncheck
/usr/local/bin/rkhunter --update
/usr/local/bin/rkhunter --cronjob --report-warnings-only
) | /bin/mail -s 'rkhunter Daily Run (PutYourServerNameHere)' your@email.com


# chmod 644 /etc/cron.daily/rkhunter.sh

Manual Scanning and usage

To scan the entire file system, run the Rkhunter as a root user.
# rkhunter --check

The above command generates log file under /var/log/rkhunter.log with the checks results made by Rkhunter.

For more information and options please run the following command.
# rkhunter --help






No comments:

Post a Comment