Install Rootkit Hunter Scanner in Linux Systems

Rootkit Hunter, better known as rkhunter, is a scanning tool. It helps you check a system for backdoors, common exploits such as e-mail injection, buffer overflows and format string bugs, and the rootkits from which the tool takes its name.

Rkhunter is a UNIX-based tool. It works by comparing the SHA-1 hashes of important files against the known-good hashes in an online database. It also searches for hidden files, suspicious strings in kernel modules and the default directories used by rootkits, and can optionally scan plain-text and binary files. It performs additional tests specific to FreeBSD and Linux. By performing these tasks, Rootkit Hunter ensures that your system is about 99% free from many kinds of nasty tools.


Rootkit Hunter supports most Linux distributions, such as CentOS, Fedora, Ubuntu and Red Hat, and BSD distributions from BSD 4 to BSD 8.

Follow the steps below to install rkhunter on Linux systems.

Step 1: Downloading Rkhunter

First download the latest stable version of the rkhunter tool from http://www.rootkit.nl/projects/rootkit_hunter.html, or use the wget command below to download it on your system.

# cd /tmp

# wget http://downloads.sourceforge.net/project/rkhunter/rkhunter/1.4.2/rkhunter-1.4.2.tar.gz

Step 2: Installing Rkhunter

Once you have downloaded the latest version, run the following commands as the root user to install it.

# tar -xvf rkhunter-1.4.2.tar.gz

# cd rkhunter-1.4.2

# ./installer.sh --layout default --install

Step 3: Updating Rkhunter

Run the rkhunter updater to fetch the latest data files, then populate the file properties database, by running the following commands.

# /usr/local/bin/rkhunter --update

# /usr/local/bin/rkhunter --propupd

Step 4: Setting Cronjob and Email Alerts

Create a file called rkhunter.sh under /etc/cron.daily/, which will then scan your file system every day and send email notifications to your email address. Create the file with your favourite editor.

# vi /etc/cron.daily/rkhunter.sh

Add the following lines to it, replacing "PutYourServerNameHere" with your server name and "your@email.com" with your email address.

#!/bin/sh
# Daily rkhunter run: check for a newer rkhunter release, refresh the data
# files, then scan. Only warnings are reported, and the combined output of
# the three commands is mailed to the address given below.
(
/usr/local/bin/rkhunter --versioncheck
/usr/local/bin/rkhunter --update
/usr/local/bin/rkhunter --cronjob --report-warnings-only
) | /bin/mail -s 'rkhunter Daily Run (PutYourServerNameHere)' your@email.com

Set execute permission on the file.

# chmod 755 /etc/cron.daily/rkhunter.sh

Step 5: Manual Scan and Usage

To scan the entire file system, run rkhunter as the root user.

# rkhunter --check

For more information and options, run the following command.

# rkhunter --help
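The cron script in Step 4 mails the whole run every day, warnings or not, which is easy to start ignoring. Below is an added example (not from the original post or the rkhunter project) of a stricter wrapper that mails only when a run exits non-zero or the log contains "Warning:" lines, and puts just those lines in the mail body. It assumes rkhunter 1.4.x exits non-zero when warnings are found, writes log lines of the form "[HH:MM:SS] Warning: ...", and that the paths and address below are placeholders you adjust.

```shell
#!/bin/sh
# Added example: stricter daily rkhunter wrapper. Assumptions (not from the
# page): non-zero exit on warnings, "[HH:MM:SS] Warning: ..." log lines,
# and the placeholder paths/address below.
RKHUNTER=/usr/local/bin/rkhunter
LOG=/var/log/rkhunter.log
MAILTO=your@email.com

# Number of "Warning:" lines in a log file; prints 0 when the file is missing.
count_warnings() {
    [ -r "$1" ] || { echo 0; return; }
    grep -c 'Warning:' "$1" || true
}

# The warning lines themselves, "[HH:MM:SS] " prefix stripped and duplicates
# removed, so the mail stays short enough to read at a glance.
warning_lines() {
    [ -r "$1" ] || return 0
    grep 'Warning:' "$1" | sed 's/^\[[^]]*\] *//' | sort -u
}

# Daily run: refresh data files, scan, then mail only on trouble.
run_daily() {
    "$RKHUNTER" --update >/dev/null 2>&1
    "$RKHUNTER" --cronjob --report-warnings-only --logfile "$LOG" >/dev/null 2>&1
    rc=$?
    n=$(count_warnings "$LOG")
    if [ "$rc" -ne 0 ] || [ "$n" -gt 0 ]; then
        {
            echo "rkhunter on $(hostname) exited $rc with $n warning line(s):"
            warning_lines "$LOG"
        } | /bin/mail -s "rkhunter WARNING on $(hostname)" "$MAILTO"
    fi
    return "$rc"
}

# Constructed sample log (not real rkhunter output) to exercise the parsers
# without running a scan.
write_sample_log() {
    cat > "$1" <<'EOF'
[03:10:01] Info: Starting test name 'system_commands'
[03:10:02] Warning: The file properties have changed:
[03:10:02] Warning: Hidden file found: /tmp/.example
[03:10:03] Warning: The file properties have changed:
[03:10:04] Info: End of check
EOF
}
```

Install it as /etc/cron.daily/rkhunter.sh with a final line `run_daily`; the sample-log helper is only there so the parsing functions can be checked by hand.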
