This post explains how to install RKHunter on Linux. Rootkit Hunter (rkhunter) is a scanning tool that checks for rootkits, backdoors and local exploits by running tests like:
- MD5 hash compare
- Look for default files used by rootkits
- Wrong file permissions for binaries
- Look for suspected strings in LKM and KLD modules
- Look for hidden files
- Optional scan within plaintext and binary files
Rootkit Hunter is released as a GPL-licensed project and is free for everyone to use. It can be downloaded from:
Code:
    http://www.rootkit.nl
Installation:
Change to /usr/local/src to download the package:
Code:
    # cd /usr/local/src
Download the package:
    # wget http://dfn.dl.sourceforge.net/sourceforge/rkhunter/rkhunter-1.3.6.tar.gz
Untar the source:
    # tar -zxvf rkhunter-1.3.6.tar.gz
    # cd rkhunter-1.3.6
    # ./installer.sh --layout default --install
    # /usr/local/bin/rkhunter --update
    # /usr/local/bin/rkhunter --propupd
Now add the cron entry:
Code:
    # vi /etc/cron.daily/rkhunter.sh
File contents:
    #!/bin/sh
    (
    /usr/local/bin/rkhunter --versioncheck
    /usr/local/bin/rkhunter --update
    /usr/local/bin/rkhunter --cronjob --report-warnings-only
    ) | /bin/mail -s 'rkhunter Daily Run (Server_identification_id)' Emailid_to_get_notifications
Securing the script:
Code:
    # chmod 700 /etc/cron.daily/rkhunter.sh
That's it. You can run it manually using the following command:
Code:
    # rkhunter -c -sk
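The hash compare and wrong-permission tests listed above, and the baseline that `rkhunter --propupd` stores for them, come down to a snapshot-and-compare loop. The sketch below is an added example, not rkhunter's own code: the function names are hypothetical, it uses SHA-256 instead of MD5, and it works on a constructed scratch directory.

```shell
#!/bin/sh
# Added illustration, not rkhunter code. Function names are hypothetical.
# Needs sha256sum and "stat -c" (GNU coreutils or BusyBox).

# Record "path|sha256|octal mode" for each regular file under directory $1.
# Paths containing "|" or newlines are not handled in this sketch.
snapshot() {
    find "$1" -type f | sort | while IFS= read -r f; do
        printf '%s|%s|%s\n' "$f" \
            "$(sha256sum "$f" | cut -d' ' -f1)" "$(stat -c '%a' "$f")"
    done
}

# Compare directory $1 with baseline file $2. Prints one warning per
# difference; returns 0 when nothing changed and 1 otherwise.
check_against() {
    current=$(mktemp) || return 2
    snapshot "$1" > "$current"
    awk -F'|' '
        FILENAME == ARGV[1] { hash[$1] = $2; mode[$1] = $3; next }
        { seen[$1] = 1 }
        !($1 in hash) { print "Warning: new file " $1; bad = 1; next }
        ($2 "") != (hash[$1] "") { print "Warning: hash changed " $1; bad = 1 }
        $3 != mode[$1] { print "Warning: mode changed " $1 " (" mode[$1] " -> " $3 ")"; bad = 1 }
        END {
            for (p in hash) if (!(p in seen)) { print "Warning: missing file " p; bad = 1 }
            exit (bad ? 1 : 0)
        }' "$2" "$current"
    rc=$?
    rm -f "$current"
    return "$rc"
}

# Constructed demo: baseline a scratch directory, tamper with it, re-check.
demo() {
    d=$(mktemp -d) || return 2
    mkdir "$d/bin"
    printf 'original\n' > "$d/bin/tool";   chmod 755 "$d/bin/tool"
    printf 'helper\n'   > "$d/bin/helper"; chmod 755 "$d/bin/helper"
    snapshot "$d/bin" > "$d/baseline"      # what a --propupd run corresponds to
    printf 'replaced\n' > "$d/bin/tool"    # content no longer matches baseline
    chmod 777 "$d/bin/helper"              # world-writable binary
    check_against "$d/bin" "$d/baseline"; demo_rc=$?
    rm -rf "$d"
    return "$demo_rc"
}

demo || echo "demo: differences reported, as expected"
```

A baseline is only trustworthy if it was taken while the system was known to be clean, which is why the install steps run `--propupd` immediately after installation.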