How to Install And Setup Rootkit Hunter On Linux Server

by Chankey Pathak
July 11, 2020
In this post I will show you how to install and run Rootkit Hunter on your Linux based servers. Rootkit Hunter does what its name suggests: it hunts for potential rootkits on your server. If you are infected you can try to clean it, but you really may want to nuke the server and start from scratch, or revert to a previous backup/snapshot if possible. For more information about RKHunter please visit the official Rootkit Hunter website.

Installing Rootkit Hunter

You can install Rootkit Hunter with one of the following commands depending on which Linux distro you are using.

sudo apt-get install rkhunter -y # Debian/Ubuntu
sudo yum install rkhunter -y # RHEL/CentOS/Fedora

Configuring RKHunter

You don't have to do this step if you don't want to. That being said, it doesn't hurt and it only takes a moment. Let's start by opening the configuration file located at /etc/default/rkhunter. You will want to change the information to look similar to what I have below.

# Defaults for rkhunter automatic tasks
# sourced by /etc/cron.*/rkhunter and /etc/apt/apt.conf.d/90rkhunter
#
# This is a POSIX shell fragment
#

# Set this to yes to enable rkhunter daily runs
# (default: false)
CRON_DAILY_RUN="true"

# Set this to yes to enable rkhunter weekly database updates
# (default: false)
CRON_DB_UPDATE="true"

# Set this to yes to enable reports of weekly database updates
# (default: false)
DB_UPDATE_EMAIL="false"

# Set this to the email address where reports and run output should be sent
# (default: root)
REPORT_EMAIL="[email protected]" # CHANGE THIS TO YOUR EMAIL ADDRESS

# Set this to yes to enable automatic database updates
# (default: false)
APT_AUTOGEN="true"

# Nicenesses range from -20 (most favorable scheduling) to 19 (least favorable)
# (default: 0)
NICE="0"

# Should daily check be run when running on battery
# powermgmt-base is required to detect if running on battery or on AC power
# (default: false)
RUN_CHECK_ON_BATTERY="false"

Checking For Rootkits

There are a few ways you can run Rootkit Hunter depending on what level of information you are looking for; logs are generated and shown at the end as well. Here is a list of some of the possibilities.

sudo rkhunter -C # Check only config files for changes
sudo rkhunter -c # Check entire system
sudo rkhunter -c --sk # Check entire system, skip press any key to continue
sudo rkhunter -c --rwo # Check entire system, only display warnings
sudo rkhunter -c --sk | grep -A12 -i "summary" # Check entire system, only display the summary

Manually Maintaining And Updating RKHunter

IMPORTANT: Whenever you change a configuration file, such as /etc/ssh/sshd_config for example, you need to update Rootkit Hunter's file properties database, or else it will give you a warning when running checks. You can do this by running the following command. If you changed the RKHunter configuration in the previous step, you should run the command below.

sudo rkhunter --propupd

To update the definitions/signatures you can run the following command. You can also schedule this as a cron job if you would like automatic daily updates (you can enable weekly updates in the configuration, but why not do it daily?).

printf '#!/bin/sh\nrkhunter --update\n' | sudo tee /etc/cron.daily/rkhunter-update >/dev/null # Create daily cronjob for RKHunter updates (a plain "sudo echo ... >" would fail: the redirect runs as your user, not root)
sudo chmod 0755 /etc/cron.daily/rkhunter-update # run-parts only executes files that are executable
sudo rkhunter --update # Manually update
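The checks above and the --propupd step go together in practice: a scheduled scan should surface its warnings, and the changed files it lists are what you review before re-baselining. The following is an added example, not code from the original post, of a cron-friendly wrapper around "rkhunter -c --sk --rwo" with the parsing it relies on; the sample output, log path and function names are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the original post: a cron-friendly wrapper around
# "rkhunter -c --sk --rwo" and the parsing it relies on. With --rwo rkhunter
# prints only "Warning: ..." lines (detail lines indented beneath them) and
# exits 1 when at least one warning was raised, 0 when the scan was clean.

# Constructed sample of --rwo output so the parsing can be exercised without
# a real scan; the paths and hashes are illustrative, not findings from any system.
SAMPLE_OUTPUT="Warning: The command '/usr/bin/lsof' has been replaced by a script: /usr/bin/lsof: POSIX shell script
Warning: The file properties have changed:
         File: /usr/sbin/sshd
         Current hash: aaaa (constructed)
         Stored hash : bbbb (constructed)
Warning: The file properties have changed:
         File: /usr/bin/ssh
Warning: Hidden directory found: /etc/.java"

# Number of top-level warnings in the --rwo output passed as $1 (prints 0 when clean).
count_warnings() {
    printf '%s\n' "$1" | grep -c '^Warning:' || true
}

# Files rkhunter reports with changed properties, one per line. Check each
# one against your own change records (package upgrade, edited config)
# before running "rkhunter --propupd", because --propupd re-baselines
# whatever is on disk, including a file that was replaced behind your back.
changed_files() {
    printf '%s\n' "$1" | sed -n 's/^[[:space:]]*File: //p'
}

# Run the scan unattended: append the full output to a log (assumed path),
# print a short summary for the cron mail, and return rkhunter's own exit
# status so monitoring sees a failure whenever a warning was raised.
run_scan() {
    log="${1:-/var/log/rkhunter-cron.log}"
    out=$(rkhunter -c --sk --rwo 2>&1)
    status=$?
    printf '%s\n' "$out" >> "$log"
    n=$(count_warnings "$out")
    printf 'rkhunter exited %s with %s warning(s); full output in %s\n' "$status" "$n" "$log"
    if [ "$n" -gt 0 ]; then
        echo 'Files with changed properties:'
        changed_files "$out"
    fi
    return "$status"
}
```

Install it as an executable file under /etc/cron.daily (with a name without dots) that calls run_scan, and cron will mail the summary to REPORT_EMAIL only when something needs a look.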

I hope this guide has helped you set up and use Rootkit Hunter on your servers. Please don't forget to comment/share. Thanks!

Chankey Pathak

Data Scientist at Morgan Stanley. I've been using Linux for the past 12 years. I plan to share what I know about Linux in this blog.