Rkhunter (RootKit Hunter) is a scanning tool that checks a system for rootkits, backdoors, and local exploits. RKHunter will assure you about 99.9% that your dedicated web server is secure.
# cd /usr/local/src/
# wget http://space.dl.sourceforge.net/project/rkhunter/rkhunter/1.3.8/rkhunter-1.3.8.tar.gz
# tar -xzvf rkhunter-*.tar.gz
# cd rkhunter*
# ./installer.sh --install
You can test the installation by typing the following command.
Note: If successful, this scan will take about 2/3 minutes to complete.
# /usr/local/bin/rkhunter -c
Update rkhunter by running:
# rkhunter --update
Set up RKHunter to e-mail you daily scan reports.
# vi /etc/cron.daily/rkhunter.sh
Add the following:
#!/bin/sh
(/usr/local/bin/rkhunter -c --cronjob 2>&1 | mail -s "Daily RKHunter Scan Report" [email protected])
# chmod +x /etc/cron.daily/rkhunter.sh
Alternatively, you can set up the cron script as follows.
#!/bin/sh
( /usr/local/bin/rkhunter --versioncheck
/usr/local/bin/rkhunter --cronjob --report-warnings-only
) | /bin/mail -s "rkhunter output" [email protected]
You have now set up a daily cron job that will email you the results of your RKHunter scan.
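An added example, not part of the original post or of the rkhunter project: a variant of the cron script above that mails only when the scan reports something, puts the warning count in the subject, and treats a missing scanner binary as a finding so that silence is never mistaken for a clean system. The MAILTO default of root, the subject format, the function names and the sample report are assumptions or constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): cron wrapper for rkhunter.
RKHUNTER=${RKHUNTER:-/usr/local/bin/rkhunter}  # install path used on this page
MAILTO=${MAILTO:-root}                         # assumption: root's mail is read

# Constructed sample of --report-warnings-only output, for illustration only.
SAMPLE_REPORT="Warning: The file properties have changed:
         File: /usr/bin/curl
Warning: Hidden directory found: /dev/.udev"

# Read a report on stdin and print the mail subject for host $1.
# Prints nothing when the report is empty, i.e. a clean run needs no mail.
subject_for() {
    report=$(cat)
    [ -n "$report" ] || return 0
    n=$(printf '%s\n' "$report" | grep -c '^[[:space:]]*Warning:' || true)
    if [ "$n" -gt 0 ]; then
        printf '[rkhunter] %s: %s warning(s)\n' "$1" "$n"
    else
        # Output without a Warning line is usually a scanner or option error.
        printf '[rkhunter] %s: unexpected scanner output\n' "$1"
    fi
}

main() {
    if [ -x "$RKHUNTER" ]; then
        # Do not trust the exit status alone; the captured output decides.
        out=$("$RKHUNTER" --cronjob --report-warnings-only 2>&1) || true
    else
        # A scanner that has vanished is itself a finding, not a clean run.
        out="Warning: $RKHUNTER is missing or not executable"
    fi
    subject=$(printf '%s\n' "$out" | subject_for "$(hostname)")
    [ -n "$subject" ] || return 0
    printf '%s\n' "$out" | mail -s "$subject" "$MAILTO"
}

# Run only when installed under the cron script name used on this page,
# so that sourcing the file to reuse or test the functions has no side effects.
case "${0##*/}" in
    rkhunter.sh) main ;;
esac
```

Save it as /etc/cron.daily/rkhunter.sh and make it executable with chmod +x, as in the steps above.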
rkhunter command-line options:
--checkall (or -c): Check the system, performs all tests.
--createlogfile*: Create a logfile (default /var/log/rkhunter.log)
--cronjob: Run as cronjob (removes colored layout)
--help (or -h): Show help about usage
--nocolors*: Don't use colors for output (some terminals don't like colors or extended layout characters)
--report-mode*: Don't show uninteresting information for reports, like header/footer. Interesting when scanning from crontab or with usage of other applications.
--skip-keypress*: Don't wait after every test (makes it non-interactive)
--quick*: Perform quick scan (instead of full scan). Skips some tests and performs some enhanced tests (less suitable for normal scans).
--version: Show version and quit
--versioncheck: Check for latest version