Rkhunter (Rootkit Hunter) is a tool that scans your systems for backdoors, rootkits and local exploits. It checks for hidden files, wrong permissions set on binaries, suspicious strings in the kernel, etc.
Download the package
# mkdir -p /opt/hunter
# cd /opt/hunter
# wget http://ncu.dl.sourceforge.net/project/rkhunter/rkhunter/1.4.0/rkhunter-1.4.0.tar.gz
Run the following commands as root
# tar -xvf rkhunter-1.4.0.tar.gz
# cd rkhunter-1.4.0
# ./installer.sh --layout default --install
Update the data files and populate the file properties database
# /usr/local/bin/rkhunter --update
# /usr/local/bin/rkhunter --propupd
Set up a daily cron job and email alert
Create a file called rkhunter.sh under /etc/cron.daily/, which scans your system daily
# vi /etc/cron.daily/rkhunter.sh
In the script below, replace “PutYourServerNameHere” with your server name and “your@email.com” with your email address.
#!/bin/sh
(
/usr/local/bin/rkhunter --versioncheck
/usr/local/bin/rkhunter --update
/usr/local/bin/rkhunter --cronjob --report-warnings-only
) | /bin/mail -s 'rkhunter Daily Run (PutYourServerNameHere)' your@email.com
Make the script executable so that cron runs it
# chmod 755 /etc/cron.daily/rkhunter.sh
Manual Scanning and usage
To scan the entire file system, run Rkhunter as the root user.
# rkhunter --check
The above command writes the results of its checks to the log file /var/log/rkhunter.log.
For more information and options, run the following command.
# rkhunter --help
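Triage of the log after a scan, as an added example (not part of the original post or of rkhunter itself). It lists the distinct warnings and the files whose properties no longer match the --propupd baseline. The log line format, the function names and the sample log are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: triage of the log written by "rkhunter --check".
# Assumed line format: "[HH:MM:SS] Warning: <message>", with indented
# "File: <path>" detail lines following a file-properties warning.

# Print each distinct warning message, timestamp removed.
rkh_warnings() {
    sed -n 's/^\[[0-9:]*] Warning: //p' "$1" | sort -u
}

# Print how many distinct warnings the log holds.
rkh_warning_count() {
    rkh_warnings "$1" | wc -l | tr -d ' '
}

# Print the paths whose properties differ from the --propupd baseline.
rkh_changed_files() {
    sed -n 's/^\[[0-9:]*] *File: //p' "$1" | sort -u
}

# Constructed sample log (not output captured from a real host).
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
[10:15:28] Info: Starting test name 'properties'
[10:15:30]   /usr/bin/awk                                  [ OK ]
[10:15:30]   /usr/bin/ldd                                  [ Warning ]
[10:15:30] Warning: The file properties have changed:
[10:15:30]          File: /usr/bin/ldd
[10:15:30]          Current inode: 131204    Stored inode: 130988
[10:15:41] Checking for hidden files and directories       [ Warning ]
[10:15:41] Warning: Hidden directory found: /dev/.udev
EOF

# On a real host, set LOG=/var/log/rkhunter.log instead.
LOG=$SAMPLE
echo "Distinct warnings: $(rkh_warning_count "$LOG")"
rkh_warnings "$LOG"
echo "Changed files to review before re-running --propupd:"
rkh_changed_files "$LOG"
```

Review each changed file against your package manager's records before running --propupd again, since that command accepts the current state of the binaries as the new baseline.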