Rkhunter installation and cron Job Setup

Rkhunter is RootKit Hunter. It is a scanning tool which will scan for rootkits, backdoors, and local exploits. RKHunter will ensure you about 99.9% that your dedicated web server is secure.

# cd /usr/local/src/

# wget http://space.dl.sourceforge.net/project/rkhunter/rkhunter/1.3.8/rkhunter-1.3.8.tar.gz

# tar -xzvf rkhunter-*.tar.gz

# cd rkhunter*

# ./installer.sh –install

You can test the installation by typing following command.
Note: If successful, this scan will take about 2/3 minutes to complete.

# /usr/local/bin/rkhunter –c

Update rkhunter by

# rkhunter –update

Setup RKHunter to e-mail you you daily scan reports.

# vi /etc/cron.daily/rkhunter.sh

Add The Following:


(/usr/local/bin/rkhunter -c –cronjob 2>&1 | mail -s “Daily RKHunter Scan Report” [email protected])

# chmod +x /etc/cron.daily/rkhunter.sh

You can set up the cron as below as well.


( /usr/local/bin/rkhunter –versioncheck

/usr/local/bin/rkhunter –update

/usr/local/bin/rkhunter –cronjob –report-warnings-only

) | /bin/mail -s ” rkhunter output” [email protected]

You have now setup a daily cron, that will email you the results of your RKHunter scan.


rkhunter <parameters>

–checkall (or -c)Check the system, performs all tests.
–createlogfile*Create a logfile (default /var/log/rkhunter.log)
–cronjobRun as cronjob (removes colored layout)
–help (or -h)Show help about usage
–nocolors*Don’t use colors for output (some terminals don’t like colors or extended layout characters)
–report-mode*Don’t show uninteresting information for reports, like header/footer. Interesting when scanning from crontab or with usage of other applications.
–skip-keypress*Don’t wait after every test (makes it non-interactive)
–quick*Perform quick scan (instead of full scan). Skips some tests and performs some enhanced tests (less suitable for normal scans).
–versionShow version and quit
–versioncheckCheck for latest version

Tagged . Bookmark the permalink.

Leave a Reply