Before we install Rkhunter, we have to discuss about “Rootkit”. A rootkit is a type of software that is designed to hide the existence of a certain processes or programs from normal methods of detection. Rootkit programs will have continued privilege to access a server while actively hiding its presence on the server. Originally, a rootkit is a collection of tools to access a server in administrator level where Root refers to the Admin account on Linux systems and kit refers the software components that creates the tool. Rootkits are generally associated with malware- such as Trojans, viruses, worms.
A rootkit allows someone to maintain the server by executing commands on the server without the knowledge of the owner. Once a rootkit is installed on a server, the controller of the rootkit has the privilege to execute the files remotely and change the system configuration on the server machine. A rootkit on an infected server also has access to log files and spy on the computer owner’s usage. Rootkit detection is difficult because a rootkit may able to change the software that is intended to find it. Rkhunter (Rootkit hunter) is an open source scanner for Linux systems to find out if the server is infected by any rootkits. Let’s discuss about the installation of Rkhunter on the Linux server.
1) Download the latest version of Rkhunter by executing the command below. Before that let’s move the current directory to temp directory.
# cd /tmp
2) Install the Rkhunter on your server. For that, extract the tar file you have downloaded and then install Rkhunter.
# tar -xvf rkhunter-1.4.0.tar.gz
# cd rkhunter-1.4.0
# ./installer.sh –layout default –install
3) To update the Rkhunter software run the command below.
# /usr/local/bin/rkhunter –update
# /usr/local/bin/rkhunter –propupd
4) Now, let’s discuss about how to initialize the rootkit scan on the server by Rkhunter. For that you need to run either one of the commands below.
# rkhunter -c
# rkhunter –check
The scan result can be viewed through the log file of Rkhunter, which is located on “/var/log/rkhunter.log”
Check the help page of Rkhunter for more information by executing the command below.
# rkhunter –help
5) You can also setup a daily cron job on your server. For this you can use the following command.
# vi /etc/cron.daily/rkhunter-cron.sh
Add the following lines of code to it and replace (PutYourServerNameHere) AND email@example.com to your servername and email address.
/usr/local/bin/rkhunter –cronjob –report-warnings-only
) | /bin/mail -s ‘rkhunter Daily Scan Report (PutYourServerNameHere)’ firstname.lastname@example.org
6) Set execute permission on the file you have just created.
# chmod 755 etc/cron.daily/rkhunter-cron.sh
That’s it! An email with the results of Rkhunter scan will be sent on your email address on a daily basis.
If you need any further help please contact our support department.
You can skip to the end and leave a response. Pinging is currently not allowed.