Rkhunter rootkit scanning tool installation

How to install the rkhunter rootkit scanning tool?

Rkhunter (Rootkit Hunter) is an open source rootkit scanner for Unix flavors such as CentOS, Red Hat, Fedora and Debian.

Rkhunter detects backdoors, malware, hidden exploits and other vulnerabilities, such as suspicious keywords in the kernel.

This guide shows how to install and configure rkhunter. The guide uses CentOS 6.x.

Download the latest rkhunter scan tool from the following location

http://sourceforge.net/projects/rkhunter/files/latest/download

OR

For the latest version, visit this URL and download it from there.

http://sourceforge.net/projects/rkhunter/files/

 

Steps to install and configure the rkhunter rootkit scanning tool

Step 1: Download and Extract

Step 2: Install

Step 3: Configuration and scan

Step 4: Uninstall / Remove

 

Step 1: Download rkhunter using the command-line utility wget

#cd /opt

#wget -O rkhunter-1.4.2.tar.gz http://sourceforge.net/projects/rkhunter/files/rkhunter/1.4.2/rkhunter-1.4.2.tar.gz/download

Extract the source

#tar -zxvf rkhunter-1.4.2.tar.gz

Switch to rkhunter-1.4.2

#cd rkhunter-1.4.2

 

Step 2: Install rkhunter from the source package downloaded in step 1

Change the permission of installer.sh to make it executable

#chmod 755 installer.sh

Run the installer

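#./installer.sh --layout /usr/local --install

OR

#sh installer.sh --layout /usr/local --install

Update the rkhunter database. The --propupd option records the current file properties as the baseline for later scans, so run it only on a system you trust to be clean.

#rkhunter --update

#rkhunter --propupd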

 

Step 3: Configuration and performing scan operation 

Modify the parameters in rkhunter.conf to suit your environment. For example, if root login over SSH is allowed on the server, correct the setting in rkhunter.conf so that the scan does not log a warning for it.

#vi /etc/rkhunter/rkhunter.conf

ALLOW_SSH_ROOT_USER=yes

Save & Exit!

 

Schedule a cron job to run the rkhunter scanner every day by creating a script file under /etc/cron.daily/.

The script below updates the database definitions and mails the warning alerts to an email address.

#vi /etc/cron.daily/rkhunter.sh

#!/bin/sh

(

/usr/local/bin/rkhunter --versioncheck

/usr/local/bin/rkhunter --update

/usr/local/bin/rkhunter --cronjob --report-warnings-only

) | /bin/mail -s 'rkhunter Daily Run (ServerName)' admin@xyz.com

 

Save & Exit

Note:

(ServerName): change it to your server name.

admin@xyz.com: change this to suit your environment.

 

Make the file executable

#chmod 755 /etc/cron.daily/rkhunter.sh

Help for using rkhunter scanner

#rkhunter --help

Scan the entire file system to detect vulnerabilities, including hidden files.

#rkhunter --check

The scan results are stored in the log file /var/log/rkhunter.log

#tail -f /var/log/rkhunter.log
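
When reviewing /var/log/rkhunter.log by hand, it helps to see only the warnings and their detail lines. The script below is an added example, not part of the original guide or of rkhunter; the function names are made up here, and it assumes the log layout shown in the constructed sample lines.

```shell
# Added example (not from the original guide): triage warnings in an rkhunter log.
# Assumed log layout: "[HH:MM:SS] Warning: ..." followed by indented detail lines.

# rkh_warnings LOG: print every warning with its detail lines, timestamps removed.
rkh_warnings() {
    awk '
        { msg = $0; sub(/^\[[0-9:]+\] /, "", msg) }    # drop the timestamp prefix
        msg ~ /^Warning:/ { inwarn = 1; print msg; next }
        # detail lines are indented and, unlike check results, do not end in "]"
        inwarn && msg ~ /^ +[^ ]/ && msg !~ /\] *$/ { sub(/^ +/, "    ", msg); print msg; next }
        { inwarn = 0 }
    ' "$1"
}

# rkh_warning_count LOG: print the number of warnings (0 when the log is clean).
rkh_warning_count() {
    rkh_warnings "$1" | awk '/^Warning:/ { n++ } END { print n + 0 }'
}

# rkh_triage LOG: return 0 if clean, 1 if warnings were found, 2 if unreadable.
rkh_triage() {
    [ -r "$1" ] || { echo "cannot read log: $1" >&2; return 2; }
    n=$(rkh_warning_count "$1")
    if [ "$n" -eq 0 ]; then return 0; fi
    echo "$n rkhunter warning(s) in $1:"
    rkh_warnings "$1"
    return 1
}

# Constructed sample log lines, not output from a real scan.
rkh_sample_log() {
    cat <<'EOF'
[03:10:05]   /usr/bin/ldd                                  [ OK ]
[03:10:09]   /usr/bin/whatis                               [ Warning ]
[03:10:09] Warning: The file properties have changed:
[03:10:09]          File: /usr/bin/whatis
[03:11:02]   Checking if SSH root access is allowed        [ Warning ]
[03:11:02] Warning: The SSH and rkhunter configuration options should be the same:
[03:11:02]          SSH configuration option 'PermitRootLogin': yes
[03:11:02]          Rkhunter configuration option 'ALLOW_SSH_ROOT_USER': no
EOF
}

# Demo on the constructed sample; on a real host pass /var/log/rkhunter.log instead.
demo_log=$(mktemp)
rkh_sample_log > "$demo_log"
rkh_triage "$demo_log" || echo "rkh_triage exit status: $?"
rm -f "$demo_log"
```

The non-zero return value of rkh_triage lets a wrapper script decide whether a mail needs to be sent at all.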

 

Step 4: Uninstall / Remove

#./installer.sh --remove --layout /usr/local

 

 
