Friday, 23 August 2013

How to install Rkhunter (Rootkit Hunter) in centos

Rkhunter (Rootkit Hunter)  that scans backdoors, rootkits and local exploits on your systems. It scans hidden files, wrong permissions set on binaries, suspicious strings in kernel etc.

Download the package

# cd /opt/hunter
# wget

Run the following commands as root

# tar -xvf rkhunter-1.4.0.tar.gz
# cd rkhunter-1.4.0
# ./ --layout default --install

Fill up the database properties

# /usr/local/bin/rkhunter --update
# /usr/local/bin/rkhunter --propupd

Setup cronjob and Email alert for daily

Create a file called under /etc/cron.daily/ which scans your system daily

# vi /etc/cron.daily/

replace “ServerNameHere” with "YourServerName” and “” with your “Email Id“.

/usr/local/bin/rkhunter --versioncheck
/usr/local/bin/rkhunter --update
/usr/local/bin/rkhunter --cronjob --report-warnings-only
) | /bin/mail -s 'rkhunter Daily Run (PutYourServerNameHere)'

# chmod 644 /etc/cron.daily/

Manual Scanning and usage

To scan the entire file system, run the Rkhunter as a root user.
# rkhunter --check

The above command generates log file under /var/log/rkhunter.log with the checks results made by Rkhunter.

For more information and options please run the following command.
# rkhunter --help

No comments:

Post a Comment