Installing rkhunter

Posted in Linux

rkhunter is a server scanning tool. It can be used to find security loopholes on a server, trojans, etc. To install and run it on your server, follow the instructions below.
Download and unzip rkhunter.
-----command-----
cd /usr/local/src/
wget http://downloads.rootkit.nl/rkhunter-1.2.8.tar.gz
tar -zxf rkhunter-1.2.8.tar.gz
cd rkhunter
./installer.sh

Now you need to create a cronjob so that it will email you with notifications to the root mailbox:
-----command-----
crontab -e
This opens the crontab for editing. The first line below is an update job, so that you can be assured rkhunter has the latest rules before it scans your system. The second line runs the actual scan and emails the results to root. Add the following lines at the bottom.
10 0 * * * /usr/local/bin/rkhunter --update > /dev/null 2>&1
25 0 * * * /usr/local/bin/rkhunter -c --nocolors --cronjob --report-mode --createlogfile --skip-keypress --quiet
Write and quit the file.
You may also run rkhunter manually on your server, as root, with the command below.
/usr/local/bin/rkhunter -c --sk

The scan prints its results to the console, reporting OK or a warning for each of the different checks (rootkit files, malware, network, etc.), pausing for you to press Enter before performing each set of tests. You can review the results on the console in real time, and if you have any doubt about any output, you can search the internet for it or consult a system administrator. Or you can drop a comment and I will try to help/guide with any issues you might have.
It logs all the output to the file below, so you can review that file at any time after the scan completes:

/var/log/rkhunter.log
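
One way to review that log without reading it end to end, as an added example that is not part of the original post. The function names are hypothetical, and the warning patterns are an assumption about the log format, so adjust them to what your rkhunter version actually writes:

```shell
#!/bin/sh
# Added example: triage an rkhunter log after the nightly cron scan.
# Assumption: warnings are logged as "[HH:MM:SS] Warning: ..." or as a
# check line ending in "[ Warning ]".

# Print each warning line with its leading timestamp removed.
rkh_warnings() {
    awk '
        /Warning:/ || /\[ Warning \]/ {
            sub(/^\[[0-9:]+\][ \t]*/, "")
            print
        }
    ' "$1"
}

# Exit status: 0 = clean, 1 = warnings found, 2 = log missing or empty
# (a missing or empty log usually means the cron scan never ran).
rkh_check() {
    log=${1:-/var/log/rkhunter.log}
    if [ ! -s "$log" ]; then
        echo "rkhunter log $log is missing or empty" >&2
        return 2
    fi
    count=$(rkh_warnings "$log" | wc -l | tr -d ' ')
    if [ "$count" -gt 0 ]; then
        echo "$count warning(s) in $log:"
        rkh_warnings "$log" | sed 's/^/  /'
        return 1
    fi
    echo "no warnings in $log"
    return 0
}

# Constructed sample log (not real scan output) for trying the functions.
rkh_sample_log() {
    cat <<'EOF'
[00:25:01] Checking for rootkits...
[00:25:02]   /bin/ls                                   [ OK ]
[00:25:03]   /usr/bin/lwp-request                      [ Warning ]
[00:25:03] Warning: The command '/usr/bin/lwp-request' has been replaced by a script
[00:25:09] Info: Scan finished
EOF
}
```

Calling `rkh_check` with no argument reads /var/log/rkhunter.log; treating status 2 as an alert catches the case where the cron scan silently stopped running.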