Advertisement
Home arrow Linux Shell commands arrow How To Install RKHunter
How To Install RKHunter
Written by wiredgorilla   
Wednesday, 18 August 2004
RKHunter also known as RootKit Hunter is a scanning tool to ensure you for about 99.9% that you don't have any rootkits, backdoors, and local exploits but running tests and e-mailing you results.

How To Install RKHunter

 

 

RKHunter - (RootKit Hunter) Is a security scanning tool which will scan for rootkits, backdoors, and local exploits. RKHunter will ensure you about 99.9% that your dedicated web server is secure.

1. Login to your server via SSH as root.
Then Type: cd /usr/local/src/

2. Download RKHunter Version 1.1.4
Type: wget http://optusnet.dl.sourceforge.net/sourceforge/rkhunter/rkhunter-1.3.0.tar.gz

3. Extract files
Type: tar -xzvf rkhunter-1.3.0.tar.gz

4. Type: cd rkhunter-1.3.0.tar.gz

5. Type: ./installer.sh --help

The default should do

 

./installer.sh --layout /usr/local --install


6. Lets setup RKHunter to e-mail you you daily scan reports.
Type: pico -w /etc/cron.daily/rkhunter.sh
Add The Following:

 

 


#!/bin/bash
(/usr/local/bin/rkhunter -c --cronjob 2>&1 | mail -s "RKhunter Scan Details" This e-mail address is being protected from spam bots, you need JavaScript enabled to view it )

 

 
Replace the e-mail above with your e-mail!! It is best to send the e-mail to an e-mail off-site so that if the box IS compromised the hacker can't erase the scan report unless he hacks another server too.
Type: chmod +x /etc/cron.daily/rkhunter.sh

Additional Info

 

Rootkit Hunter usage



Rootkit Hunter is a package which contains a few binary scripts (shell / perl) and a few databases.

You can use Rootkit Hunter by running 'rkhunter' with one or more parameters (when using no parameters at all, you'll get the usage screen).



Usage:
rkhunter <parameters>

--checkall (or -c)
Check the system, performs all tests.

--createlogfile*
Create a logfile (default /var/log/rkhunter.log)

--cronjob
Run as cronjob (removes colored layout)

--help (or -h)
Show help about usage

--nocolors*
Don't use colors for output (some terminals don't like colors or extended layout characters)

--report-mode*
Don't show uninteresting information for reports, like header/footer. Interesting when scanning from crontab or with usage of other applications.

--skip-keypress*
Don't wait after every test (makes it non-interactive)

--quick*
Perform quick scan (instead of full scan). Skips some tests and performs some enhanced tests (less suitable for normal scans).

--version
Show version and quit

--versioncheck
Check for latest version

 

 

 

RKHunter let me know there was something wrong with my dedicated server, What do I do?

1. If your system is infected with an rootkit, it's almost impossible to clean it up (lets say with a full warranty it's clean). Never trust a machine which has been infected with a rootkit, because hiding is the root kit's main purpose.
(So a fresh installation of the operating system is NEEDED)

2. If only one check fails it is possible that you have a "false positive".
This sometimes occurs due to custom configurations or changed binaries. If this happens you can validate the 'false positive' by checking for untrusted paths, knowing if oyu recently updated the binary, and rkhunter just is out of date, and you can also compare your binaries with other trusted binaries to ensure they are in fact 'safe' from a root kit.

RKHunter Faq Can Be Found Here www.rootkit.nl

 




Reddit!Del.icio.us!Google!Live!Facebook!Slashdot!Netscape!Technorati!StumbleUpon!Newsvine!Furl!Yahoo!Ma.gnolia!Free social bookmarking plugins and extensions for Joomla! websites!
Last Updated ( Tuesday, 12 February 2008 )
 
< Prev   Next >
[ Back ]