Rkhunter - installation and use

source: RKHUNTER
Rkhunter

Rkhunter is a common option for scanning your system for rootkits and general vulnerabilities. It can be easily installed from the package manager on CentOS using the following command.

sudo yum install rkhunter

Once installed and before scanning, you’ll need to update the file properties database.

sudo rkhunter --propupd

This lets the scanner to know the current state of certain files to prevent some false alarms. After the update, simply run the scanner with the following.

sudo rkhunter --checkall

The scanner goes through some system commands, checks for actual rootkits and some malware, network and local host settings, and then gives you the summary as well as recording the findings to a log file.

Afterwards, you can get a condensed look at the scan log with this command.

sudo cat /var/log/rkhunter/rkhunter.log | grep -i warning

Go through the output to get some tips on what you could do to improve your system security

 

Another Source: Install RKHunter

Install Rkhunter

 

Overview

rkhunter (Rootkit Hunter) is a Unix-based tool that scans for rootkits, backdoors and possible local exploits. It does this by comparing SHA-1 hashes of important files with known good ones in online database, searching for default directories (of rootkits), wrong permissions, hidden files, suspicious strings in kernel modules, and special tests for Linux and FreeBSD.

Instructions

1. Log into your Dedicated/VPS Server via SSH.

2. Type the follow commands:

wget http://sourceforge.net/projects/rkhunter/files/rkhunter/1.3.8/rkhunter-1.3.8.tar.gz/download

3. Now unzip the archive:

tar -zxvf rkhunter-1.3.8.tar.gz

4. Then, change directory:

cd rkhunter-1.3.8

5. Run the installer:

./installer.sh

6. You can test the installation by typing this command. Note: If successful, this scan will take about 2 minutes to complete.

/usr/local/bin/rkhunter -c

Optional settings

After this, you may want to create a cron job to run on a daily basis. Use this shell script below:

#!/bin/bash
(/usr/local/bin/rkhunter -c --sk --nocolors --check | mail -s "Daily Rkhunter Scan Report" youremail [at] email [dot] com)

Simply replace the email address with your email. You can then create a cron job in the root tasks in Plesk or via ssh.

If you would like to get only warnings inside your email simply replace

--sk --nocolors --check
--cronjob --report-warnings-only

You can also check for software updates by adding

--update

You may want to run the update on a different cronjob maybe a weekly basis.

Add Feedback