How To Install RKHunter

RKHunter, also known as RootKit Hunter, is a scanning tool that gives you about 99.9% assurance that you don't have any rootkits, backdoors or local exploits, by running tests and e-mailing you the results.

RKHunter (RootKit Hunter) is a security scanning tool which will scan for rootkits, backdoors, and local exploits.
RKHunter will give you about 99.9% assurance that your dedicated web server is secure.

1. Log in to your server via SSH as root, then change to the source directory.
Type: cd /usr/local/src/

2. Download RKHunter Version 1.1.4
Type: wget http://optusnet.dl.sourceforge.net/sourceforge/rkhunter/rkhunter-1.3.0.tar.gz

3. Extract the files
Type: tar -xzvf rkhunter-1.3.0.tar.gz

4. Change into the extracted directory (the directory, not the .tar.gz archive)
Type: cd rkhunter-1.3.0

5. Review the installer options
Type: ./installer.sh --help

The default layout should do:

./installer.sh --layout /usr/local --install


6. Let's set up RKHunter to e-mail you daily scan reports.
Type: pico -w /etc/cron.daily/rkhunter.sh
Add the following:



#!/bin/bash
# Full scan in non-interactive cron mode; stdout and stderr are mailed together
(/usr/local/bin/rkhunter -c --cronjob 2>&1 | mail -s "RKhunter Scan Details" replace-this@with-your-email.com )


Replace the e-mail address above with your own!! It is best to send the report to an off-site mailbox, so that if the box IS compromised the attacker can't erase the scan report without compromising a second server as well.
Type: chmod +x /etc/cron.daily/rkhunter.sh
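The two-line cron job above mails the complete report every day whether or not anything was found, which quickly teaches people to ignore it. The script below is an added example, not code from the original post or from the rkhunter project: a drop-in replacement for /etc/cron.daily/rkhunter.sh that runs the same "rkhunter -c --cronjob" scan, keeps a dated copy of every report on the box, and mails the report only when the scan exited non-zero or printed a "Warning:" line. The log directory, the recipient address and the sample report text at the bottom are placeholders/constructed values, and the scan only runs when rkhunter is actually present at the step-5 install path, so the file can be sourced on another machine to check the helper functions.

```shell
#!/bin/sh
# Added example (not the original post's cron job): daily rkhunter scan that
# archives each report locally and mails it only when it needs attention.
# All paths and the recipient are placeholders; adjust to your layout.

RKHUNTER=${RKHUNTER:-/usr/local/bin/rkhunter}        # install path from step 5
MAILTO=${MAILTO:-replace-this@with-your-email.com}    # use an off-site mailbox
LOGDIR=${LOGDIR:-/var/log/rkhunter-reports}           # hypothetical local archive

# Count the lines rkhunter flags as warnings (report read from stdin).
# grep -c prints the count even when it is 0 but then exits 1, hence "|| true".
rkh_count_warnings() {
    grep -c '^Warning:' || true
}

# Exit-status predicate: true (0) when a human should look at the report.
# $1 = rkhunter's exit status, $2 = number of "Warning:" lines.
rkh_needs_attention() {
    [ "$1" -ne 0 ] || [ "$2" -gt 0 ]
}

# Run the scan, archive the report, mail it only when needed.
rkh_daily_scan() {
    mkdir -p "$LOGDIR"
    report="$LOGDIR/rkhunter-$(date +%Y%m%d).log"
    rc=0
    "$RKHUNTER" -c --cronjob >"$report" 2>&1 || rc=$?
    warnings=$(rkh_count_warnings <"$report")
    if rkh_needs_attention "$rc" "$warnings"; then
        mail -s "RKhunter Scan Details: $warnings warning(s), rc=$rc on $(hostname)" \
             "$MAILTO" <"$report"
    fi
}

# Constructed sample of what a cron-mode report can look like (not real output
# captured from a host); used to exercise the helpers without running a scan.
RKH_SAMPLE_REPORT='Checking for rootkits...
Warning: The file properties have changed: /bin/ls
Warning: Hidden directory found: /dev/.udev
System checks summary'

# Only scan when rkhunter is installed where we expect it, so this file can be
# sourced elsewhere for testing without trying to run a scan.
if [ -x "$RKHUNTER" ]; then
    rkh_daily_scan
fi
```

Keeping the archive in LOGDIR means that an attacker who deletes the mail still has to find and clean the local copies, and it gives you something to diff against the day a warning first appeared; the off-site mailbox remains the copy you trust.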

Additional Info

Rootkit Hunter usage

Rootkit Hunter is a package which contains a few scripts (shell / perl) and a few databases.

You use Rootkit Hunter by running 'rkhunter' with one or more parameters (with no parameters at all, you get the usage screen).


Usage:
rkhunter <parameters>

--checkall (or -c)
    Check the system, performs all tests.

--createlogfile*
    Create a logfile (default /var/log/rkhunter.log).

--cronjob
    Run as cronjob (removes colored layout).

--help (or -h)
    Show help about usage.

--nocolors*
    Don't use colors for output (some terminals don't like colors or extended layout characters).

--report-mode*
    Don't show uninteresting information for reports, like header/footer. Useful when scanning from crontab or from other applications.

--skip-keypress*
    Don't wait after every test (makes it non-interactive).

--quick*
    Perform quick scan (instead of full scan). Skips some tests and performs some enhanced tests (less suitable for normal scans).

--version
    Show version and quit.

--versioncheck
    Check for latest version.

RKHunter let me know there was something wrong with my dedicated server. What do I do?

1. If your system is infected with a rootkit, it is almost impossible to clean it up with any guarantee that it is really clean. Never trust a machine which has been infected with a rootkit, because hiding is the rootkit's main purpose.
(So a fresh installation of the operating system is NEEDED.)

2. If only one check fails, it is possible that you have a "false positive".
This sometimes occurs due to custom configurations or changed binaries. If this happens you can validate the "false positive" by checking for untrusted paths, checking whether you recently updated the binary yourself (in which case rkhunter's database is simply out of date), and comparing your binaries against known-good copies to confirm they really have not been altered by a rootkit.
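"Compare your binaries with other trusted binaries" only works if you recorded what trusted looked like before the warning. The following is an added example, not part of the original post or of rkhunter itself: it records a SHA-256 baseline of the binaries you care about right after a clean install (keep that baseline file off the box, next to the scan reports), and when a single rkhunter test later fails it compares the current files against the baseline. A file you did not update yourself that no longer matches is not a false positive and should be treated as the compromise case in point 1. The helper names, the scratch directory and the two fake "binaries" in the demo are placeholders/constructed.

```shell
#!/bin/sh
# Added example (not from the original post or rkhunter): SHA-256 baseline of
# important binaries, recorded when the host is known-good and verified when a
# single rkhunter test fails. Paths and file names below are placeholders.

# Print "hash  path" for one file; sha256sum (GNU) or shasum (BSD/macOS).
rkh_sha256() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1"
    else
        shasum -a 256 "$1"
    fi
}

# Record a baseline: $1 = baseline file to write, remaining args = binaries.
# Copy the resulting file off the box; a baseline the attacker can edit is useless.
rkh_baseline_create() {
    out=$1; shift
    : > "$out"
    for f in "$@"; do
        rkh_sha256 "$f" >> "$out"
    done
}

# Compare every file listed in baseline $1 with its current contents.
# Prints one CHANGED:/MISSING: line per problem; returns 1 if any, else 0.
rkh_baseline_verify() {
    status=0
    while read -r expected path; do
        if [ ! -f "$path" ]; then
            echo "MISSING: $path"
            status=1
        elif [ "$(rkh_sha256 "$path" | cut -d' ' -f1)" != "$expected" ]; then
            echo "CHANGED: $path"
            status=1
        fi
    done < "$1"
    return "$status"
}

# Constructed demonstration: two fake "binaries" in a scratch directory and a
# baseline; then one file is replaced and one removed, the way a tampered host
# would look. Prints the verify results so the caller can inspect them.
rkh_baseline_demo() {
    dir=$(mktemp -d)
    printf 'ELF-pretend-ls\n' > "$dir/ls"
    printf 'ELF-pretend-ps\n' > "$dir/ps"
    rkh_baseline_create "$dir/baseline.sha256" "$dir/ls" "$dir/ps"
    rkh_baseline_verify "$dir/baseline.sha256" && echo "baseline OK"
    printf 'ELF-pretend-ls-replaced\n' > "$dir/ls"   # simulate a replaced binary
    rm -f "$dir/ps"                                  # simulate a removed binary
    rkh_baseline_verify "$dir/baseline.sha256" || echo "verify returned $?"
    rm -rf "$dir"
}

# Run the demonstration only when asked for explicitly: ./baseline.sh demo
if [ "${1:-}" = demo ]; then
    rkh_baseline_demo
fi
```

Record the baseline again, deliberately, every time you update a package yourself; a mismatch you cannot tie to one of your own updates is exactly the case where rkhunter's warning should be believed rather than explained away.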

RKHunter Faq Can Be Found Here www.rootkit.nl


Posted by News Monkey