How To Install Rootkit Hunter

by lifeLinux on December 3, 2010

Rootkit Hunter (rkhunter) is a Unix-based tool that scans for rootkits, backdoors and possible local exploits. It does this by comparing SHA-1 hashes of important files with known good ones in an online database, searching for default rootkit directories, wrong permissions, hidden files and suspicious strings in kernel modules, and running special tests for Linux and FreeBSD.

Installing rkhunter in 5 steps

Step 1: Download rkhunter

Log in to your server as root and type the following command:

wget http://biznetnetworks.dl.sourceforge.net/project/rkhunter/rkhunter/1.3.8/rkhunter-1.3.8.tar.gz

Step 2: Extract rkhunter

tar -zxvf rkhunter-1.3.8.tar.gz

Step 3: Install rkhunter

cd rkhunter-1.3.8
sh installer.sh --install

The installer prints output like this:

Checking system for:
 Rootkit Hunter installer files: found
 A web file download command: wget found
Starting update:
 Checking installation directory "/usr/local": it exists and is writable.
 Checking installation directories:
  Directory /usr/local/share/doc/rkhunter-1.3.8: exists and is writable.
  Directory /usr/local/share/man/man8: exists and is writable.
  Directory /etc: exists and is writable.
  Directory /usr/local/bin: exists and is writable.
  Directory /usr/local/lib: exists and is writable.
  Directory /var/lib: exists and is writable.
  Directory /usr/local/lib/rkhunter/scripts: exists and is writable.
  Directory /var/lib/rkhunter/db: exists and is writable.
  Directory /var/lib/rkhunter/tmp: exists and is writable.
  Directory /var/lib/rkhunter/db/i18n: exists and is writable.
 Installing check_modules.pl: OK
 Installing filehashsha.pl: OK
 Installing stat.pl: OK
 Installing readlink.sh: OK
 Installing backdoorports.dat: OK
 Installing mirrors.dat: OK
 Installing programs_bad.dat: OK
 Installing suspscan.dat: OK
 Installing rkhunter.8: OK
 Installing ACKNOWLEDGMENTS: OK
 Installing CHANGELOG: OK
 Installing FAQ: OK
 Installing LICENSE: OK
 Installing README: OK
 Installing language support files: OK
 Installing rkhunter: OK
 Installing rkhunter.conf in no-clobber mode: OK
 >>>
 >>> PLEASE NOTE: inspect for update changes in "/etc/rkhunter.conf.24761",
 >>> and apply to either "/etc/rkhunter.conf" or your local configuration
 >>> file before running Rootkit Hunter.
 >>>
Update complete

Step 4: Update rkhunter

At the prompt, type the following command:

rkhunter --update

Step 5: Add a daily cron job

If you want to receive a daily mail with the status of your system, do the following.
Create the file rkhunter.sh:

vi /etc/cron.daily/rkhunter.sh

Add the following code

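#!/bin/sh
# Run the three rkhunter commands in a subshell so that their combined
# output is sent as a single mail.
(
# Check whether a newer rkhunter version is available
/usr/local/bin/rkhunter --versioncheck
# Update rkhunter's data files
/usr/local/bin/rkhunter --update
# Run the scan non-interactively and print only warnings
/usr/local/bin/rkhunter --cronjob --report-warnings-only
) | /bin/mail -s 'rkhunter Daily Run' yourname@example.com

Replace yourname@example.com above with your email address.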

Set execute permission for rkhunter.sh

chmod +x /etc/cron.daily/rkhunter.sh
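
Steps 1 to 3 fetch a tarball over plain HTTP and run its installer as root, so the archive deserves a check before it is extracted. The script below is an added example, not part of the original post or of rkhunter itself: it compares the download with a SHA-256 digest taken from a source you trust and rejects archive members that would land outside rkhunter-1.3.8/. The function names and the EXPECTED_SHA256 variable are hypothetical placeholders.

```shell
#!/bin/sh
# Added example (function names are hypothetical): vet the tarball before
# extracting and installing it as root. EXPECTED_SHA256 is a placeholder.

# verify_sha256 FILE EXPECTED_HEX: return 0 only if FILE's SHA-256 matches.
verify_sha256() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -f "$file" ] || { echo "missing file: $file" >&2; return 1; }
    # Reject empty, non-hex or wrong-length digests so that a truncated or
    # unset value can never count as a match.
    case $expected in
        ''|*[!0-9a-f]*) echo "expected digest is not hex" >&2; return 1 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "expected digest must be 64 hex chars" >&2; return 1; }
    actual=$(sha256sum "$file" | cut -d' ' -f1)
    [ "$actual" = "$expected" ] || { echo "digest mismatch: $file" >&2; return 1; }
}

# check_members PREFIX: read member names on stdin; return 0 only if every
# name stays under PREFIX/ (no absolute paths, no ".." components).
# Names only: symlink targets inside the archive are not inspected.
check_members() {
    prefix=$1
    rc=0
    while IFS= read -r name; do
        case $name in
            /*|..|../*|*/../*|*/..) echo "unsafe member: $name" >&2; rc=1 ;;
            "$prefix"|"$prefix"/*) ;;
            *) echo "member outside $prefix/: $name" >&2; rc=1 ;;
        esac
    done
    return $rc
}

# safe_extract TARBALL EXPECTED_HEX PREFIX: extract only if both checks pass.
safe_extract() {
    verify_sha256 "$1" "$2" || return 1
    tar -tzf "$1" | check_members "$3" || return 1
    tar -zxf "$1"
}

# Usage, in place of the plain tar command in Step 2:
#   safe_extract rkhunter-1.3.8.tar.gz "$EXPECTED_SHA256" rkhunter-1.3.8
```
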

2 comments

Hoskitani July 17, 2011 at 6:03 pm

There is no space between ‘-‘ and install.
sh installer.sh -- install =====> sh installer.sh --install

lifeLinux October 20, 2011 at 8:22 am

I updated. Thanks Hoskitani!
