Rootkit Hunter (rkhunter) is a Unix-based tool that scans for rootkits, backdoors and possible local exploits. It works by comparing the hashes (SHA-1 by default) and other properties of important system files against a known-good baseline that it stores locally when you run --propupd, so the baseline must be taken on a system you trust to be clean. It also searches for hidden files, suspicious strings in kernel modules and the default directories and file names used by known rootkits, and can optionally scan for suspicious strings inside plain-text and binary files.
Install rkhunter
The tarball below is fetched over plain HTTP from a mirror, so verify it against the checksum published by the rkhunter project before running the installer. 1.4.0 is the version used on this page; newer 1.4.x releases exist, so substitute the current one.
# cd /tmp
# wget http://ncu.dl.sourceforge.net/project/rkhunter/rkhunter/1.4.0/rkhunter-1.4.0.tar.gz
# tar -xvf rkhunter-1.4.0.tar.gz
# cd rkhunter-1.4.0
# ./installer.sh --layout default --install
Update rkhunter
--update fetches the latest versions of rkhunter's data files (the known rootkit signatures and lists it checks against):
# /usr/local/bin/rkhunter --update
--propupd builds the file-properties baseline (hashes, permissions, ownership and the like) for the system's important binaries. Run it only on a system you believe is clean, and run it again after package upgrades that replace system binaries; otherwise the next scan will report those legitimately changed files as warnings, and a warning you cannot tell from a real tampering is a warning you will learn to ignore.
# /usr/local/bin/rkhunter --propupd
Cron Job
nano /etc/cron.daily/rkhunter.sh
Add the following script to it, replacing “YourServerNameHere” with your server's hostname and “admin@example.com” with the address that should receive the report. Note that Debian and Ubuntu run the contents of /etc/cron.daily through run-parts, which by default skips file names containing a dot, so on those systems name the file /etc/cron.daily/rkhunter (without the .sh extension) or it will never run.
#!/bin/sh
# --versioncheck: report whether a newer rkhunter release exists
# --update: refresh the signature data files
# --cronjob: non-interactive run; --report-warnings-only: print warnings only
(
/usr/local/bin/rkhunter --versioncheck
/usr/local/bin/rkhunter --update
/usr/local/bin/rkhunter --cronjob --report-warnings-only
) | /bin/mail -s 'rkhunter Daily Run (YourServerNameHere)' admin@example.com
Change the permission
Set execute permission on the file.
# chmod 755 /etc/cron.daily/rkhunter.sh
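The script above mails every day whether or not anything was found, which trains people to ignore the mail. As an added example that is not part of the original page, here is a wrapper that mails only when the scan actually produced warnings, using rkhunter's exit status (0 for a clean run, non-zero when a warning or error occurred) as the trigger and putting the warning count in the subject. The paths and variable names RKHUNTER, MAILTO and HOSTLABEL are assumptions for this example, and the SAMPLE_REPORT text is constructed, not real scan output.

```shell
#!/bin/sh
# Added example (not from the original page): daily rkhunter wrapper that mails
# only on warnings. Assumed settings (override via the environment):
#   RKHUNTER   path to the rkhunter binary (the page installs it under /usr/local/bin)
#   MAILTO     recipient of the report
#   HOSTLABEL  label used in the mail subject
RKHUNTER="${RKHUNTER:-/usr/local/bin/rkhunter}"
MAILTO="${MAILTO:-root}"
HOSTLABEL="${HOSTLABEL:-$(hostname 2>/dev/null || echo unknown-host)}"

# Constructed sample of rkhunter --cronjob --rwo output (not real scan data),
# used to exercise the filter below; lines copied from the log file carry a
# "[HH:MM:SS] " timestamp prefix, which the filter also accepts.
SAMPLE_REPORT='Warning: The command /usr/bin/lsattr has been replaced by a script: /usr/bin/lsattr: POSIX shell script
Info: Starting test name filesystem
[03:15:02] Warning: Hidden directory found: /dev/.udev
Please inspect this machine, because it may be infected.'

# Print only the warning lines from rkhunter output read on stdin. rkhunter
# prefixes each finding with "Warning:"; everything else is dropped.
warning_lines() {
    grep '^\([[:space:]]*\[[0-9:]*][[:space:]]*\)\{0,1\}Warning:' || true
}

# Print the number of warning lines in the text read on stdin.
warning_count() {
    warning_lines | wc -l | tr -d ' '
}

# Refresh the data files, run the scan, and mail the report only when the scan
# exited non-zero. The exit status is a more reliable trigger than "the report
# is non-empty", because --rwo output can contain non-warning lines.
daily_run() {
    report=$(mktemp) || return 1
    # Update output goes into the same report so a broken mirror is visible
    # when a warning mail is sent; update failure alone is not fatal here.
    "$RKHUNTER" --update --nocolors >"$report" 2>&1
    "$RKHUNTER" --cronjob --report-warnings-only --nocolors >>"$report" 2>&1
    status=$?
    if [ "$status" -ne 0 ]; then
        count=$(warning_count <"$report")
        mail -s "rkhunter Daily Run ($HOSTLABEL): $count warning(s), exit $status" "$MAILTO" <"$report"
    fi
    rm -f "$report"
    return "$status"
}

# Only act as the cron job when explicitly asked, so the functions above can be
# sourced or tested without launching a scan.
case "${1:-}" in
    --run) daily_run ;;
esac
```

Because the script expects the --run argument, install it somewhere like /usr/local/sbin/rkhunter-daily and schedule it from a crontab entry (for example a file in /etc/cron.d) rather than dropping it into /etc/cron.daily, where run-parts passes no arguments.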
Manual Scan
To run the full set of checks against the system, run rkhunter as root. By default it pauses for a keypress between test groups; add --sk to skip those pauses when you want an unattended run.
# rkhunter --check
The results of every check are written to /var/log/rkhunter.log (the location is set by LOGFILE in rkhunter.conf); the terminal shows a summary, and any line marked Warning should be investigated before the baseline is updated. For more information and options run the following command.
# rkhunter --help