Rkhunter rootkit scanning tool installation

How to install the rkhunter rootkit scanning tool?

Rkhunter (Rootkit Hunter) is an open source rootkit scanning tool for Unix flavors like CentOS, Red Hat, Fedora and Debian.

Rkhunter detects back doors, malware, hidden exploits and other vulnerabilities, such as suspicious keywords in the kernel.

This guide shows how to install and configure Rkhunter. The guide uses CentOS 6.x.

Download the latest rkhunter scan tool from the following location



For latest version visit this URL and download the latest version of Rkhunter.



Steps to install and configure the Rkhunter rootkit scanning tool

Step 1: Download and Extract

Step 2: Install

Step 3: Configuration and scan

Step 4: Uninstall / Remove


Step 1: Download rkhunter using the command line utility wget

#cd /opt

#wget -O rkhunter-1.4.2.tar.gz http://sourceforge.net/projects/rkhunter/files/rkhunter/1.4.2/rkhunter-1.4.2.tar.gz/download

Extract the source

#tar -zxvf rkhunter-1.4.2.tar.gz

Switch to rkhunter-1.4.2

#cd rkhunter-1.4.2


Step 2: Install rkhunter from the source package downloaded in step 1

Change the permissions of installer.sh to make it executable

#chmod 755 installer.sh

Run the installer

#./installer.sh --layout /usr/local --install

or

#sh installer.sh --layout /usr/local --install

Update the Rkhunter database

#rkhunter --update

#rkhunter --propupd


Step 3: Configuration and performing a scan

Modify the parameters in rkhunter.conf to suit your environment. Let's assume root login is allowed on the server; in that case, correct the settings in rkhunter.conf to avoid the warning in the logs.

#vi /etc/rkhunter/rkhunter.conf


Save & Exit!


Schedule the cron job to run the rkhunter scanner everyday by creating a script file under the


The script below updates the database definitions and reports warning alerts to a mail ID.

#vi /etc/cron.daily/rkhunter.sh



#!/bin/sh

(

/usr/local/bin/rkhunter --versioncheck

/usr/local/bin/rkhunter --update

/usr/local/bin/rkhunter --cronjob --report-warnings-only

) | /bin/mail -s 'rkhunter Daily Run (ServerName)' admin@xyz.com


Save & Exit


ServerName: change it to your server name.

admin@xyz.com: change this to suit your environment.


Make the file executable

#chmod 755 /etc/cron.daily/rkhunter.sh

Help for using the rkhunter scanner

#rkhunter --help

Scan the entire file system to detect vulnerabilities, including hidden ones.

#rkhunter --check

The scan results are stored in the log file /var/log/rkhunter.log

#tail -f /var/log/rkhunter.log


Step 4: Uninstall / Remove

#./installer.sh --remove --layout /usr/local


