Installing Rkhunter (Rootkit Hunter)


First, download the latest stable version of the Rkhunter tool:

wget http://ncu.dl.sourceforge.net/project/rkhunter/rkhunter/1.4.0/rkhunter-1.4.0.tar.gz

Once you have downloaded the latest version, run the following commands as a root user to install it:

tar -xvf rkhunter-1.4.0.tar.gz
cd rkhunter-1.4.0
./installer.sh --layout default --install

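Update Rkhunter's data files and then build the file properties database by running the following commands. The file properties database is the baseline that later scans compare against, so build it while the system is in a known-clean state:

/usr/local/bin/rkhunter --update
/usr/local/bin/rkhunter --propupd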

Create a file called rkhunter.sh under /etc/cron.daily/ so that Rkhunter scans your file system every day and sends a notification to your email address. Create the file:

nano /etc/cron.daily/rkhunter.sh

Add the following lines to it, replacing "PutYourServerNameHere" with your server name and "your@email.com" with your email address:

#!/bin/sh
(
/usr/local/bin/rkhunter --versioncheck
/usr/local/bin/rkhunter --update
/usr/local/bin/rkhunter --cronjob --report-warnings-only
) | /bin/mail -s 'rkhunter Daily Run (PutYourServerNameHere)' your@email.com

Set execute permission on the file:

chmod 755 /etc/cron.daily/rkhunter.sh

To scan the entire file system manually, run Rkhunter as the root user:

rkhunter --check

The above command writes the results of its checks to the log file /var/log/rkhunter.log.
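
To triage the log file that Rkhunter writes to /var/log/rkhunter.log, the following shell functions list the flagged items and the warning messages. This is an added example, not part of the original article or of Rkhunter itself; the assumed log layout (a [HH:MM:SS] timestamp, a trailing "[ Warning ]" result tag and "Warning:" detail lines), the function names and the sample log are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the article or rkhunter): triage an rkhunter log.
# Assumed log layout: "[HH:MM:SS] <item> [ Warning ]" for a flagged check and
# "[HH:MM:SS] Warning: <text>" for the explanation that follows it.

# Print every item whose check result was "[ Warning ]", one per line.
rkh_flagged_items() {
    awk '/\[ Warning \][ \t]*$/ {
        line = $0
        sub(/^\[[0-9:]+\][ \t]*/, "", line)          # drop the timestamp
        sub(/[ \t]*\[ Warning \][ \t]*$/, "", line)  # drop the result tag
        print line
    }' "$1"
}

# Print the text of every "Warning:" detail line.
rkh_warning_messages() {
    awk '{
        line = $0
        sub(/^\[[0-9:]+\][ \t]*/, "", line)
        if (sub(/^Warning:[ \t]*/, "", line)) print line
    }' "$1"
}

# Succeed (exit status 0) only when the log contains no warnings at all.
rkh_log_is_clean() {
    [ -z "$(rkh_flagged_items "$1")" ] && [ -z "$(rkh_warning_messages "$1")" ]
}

# Constructed sample log for trying the functions offline.
rkh_sample_log() {
    cat <<'EOF'
[03:10:01] Running Rootkit Hunter version 1.4.0 on examplehost
[03:10:05]   /usr/bin/awk                                 [ OK ]
[03:10:05]   /usr/bin/curl                                [ Warning ]
[03:10:05] Warning: The file properties have changed:
[03:10:05]          File: /usr/bin/curl
[03:10:09]   Checking for hidden files and directories    [ Warning ]
[03:10:09] Warning: Hidden directory found: /dev/.udev
[03:10:12]   Checking for passwd file changes             [ None found ]
EOF
}

# Usage: sh rkh-triage.sh /var/log/rkhunter.log
if [ -n "${1:-}" ]; then
    rkh_flagged_items "$1"
    rkh_warning_messages "$1"
fi
```

Each flagged item should be reviewed against known changes, such as a package update, before the file properties database is rebuilt.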

For more information and options please run the following command:

rkhunter --help 
