How to configure and install rootkit hunter


Rootkit hunter:

Rkhunter (Rootkit Hunter) is an open source security tool for Linux/Unix systems. It scans for rootkits, backdoors and local exploits on your system. Rootkit Hunter also checks for suspicious strings in the kernel, wrong permissions set on binaries, and hidden files. A rootkit is a self-hiding toolkit that a malicious intruder secretly installs to allow that user to access the server. Rootkit Hunter offers powerful protection compared to other tools.

Steps to Install rkhunter for CentOS, RHEL:

Step 1: Download the rkhunter:

Before installing rkhunter, download the new version of the tool to your system with the following commands:

# cd /tmp

# wget http://ncu.dl.sourceforge.net/project/rkhunter/rkhunter/1.4.0/rkhunter-1.4.0.tar.gz

Alternatively, you can download the latest version from the following link:

http://www.rootkit.nl/projects/rootkit_hunter.html

Step 2: Install rkhunter:

After downloading the new version of rkhunter, run the following commands as root to install it.

# tar -xvf rkhunter-1.4.0.tar.gz

# cd rkhunter-1.4.0

# ./installer.sh --layout default --install

Step 4: Update rkhunter:

Update rkhunter's data files and its file properties database with the following commands:

# /usr/local/bin/rkhunter --update

# /usr/local/bin/rkhunter --propupd

Step 5: Set up the cron job and e-mail:

To scan your files daily and receive an e-mail notification, create a file named rkhunter.sh in the directory /etc/cron.daily/.

# vi /etc/cron.daily/rkhunter.sh

Then add the code given below, changing the server name and e-mail address to your own:

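#!/bin/sh
# Daily rkhunter run; the combined output of all three commands is mailed.
{
# Check whether a newer rkhunter release is available
/usr/local/bin/rkhunter --versioncheck
# Refresh rkhunter's data files
/usr/local/bin/rkhunter --update
# Run the scan non-interactively and print warnings only
/usr/local/bin/rkhunter --cronjob --report-warnings-only
} | /bin/mail -s 'rkhunter Daily Run (putYourServerNameHere)' abc@email.com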

Then set the execute permission with the following command:

# chmod 755 /etc/cron.daily/rkhunter.sh

Step 6: Run rkhunter as the root user to scan the entire system.

# rkhunter --check
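
A variant of the Step 5 cron script that sends mail only when the scan has something to report, so real warnings are not buried under identical daily messages. This is an added example, not part of the original tutorial; it assumes rkhunter exits non-zero when a scan produces warnings, and the names `run_daily_scan`, `report_if_needed`, `RKHUNTER`, `MAILER` and `RECIPIENT` are hypothetical.

```shell
#!/bin/sh
# Added example: /etc/cron.daily/rkhunter.sh variant that mails only on findings.
# Assumptions: rkhunter is installed in /usr/local/bin (as in this tutorial)
# and returns a non-zero exit status when the scan raised warnings.

RKHUNTER="${RKHUNTER:-/usr/local/bin/rkhunter}"
MAILER="${MAILER:-/bin/mail}"
RECIPIENT="${RECIPIENT:-abc@email.com}"   # placeholder address used on this page

# run_daily_scan: non-interactive scan, warnings only.
# Prints the scan output and returns rkhunter's exit status.
run_daily_scan() {
    "$RKHUNTER" --cronjob --report-warnings-only 2>&1
}

# report_if_needed: mail the result only if the scan failed or printed something.
# Echoes "mailed" or "clean" so the outcome is visible to the caller.
report_if_needed() {
    status=0
    # "|| status=$?" keeps the exit status without aborting under "set -e"
    output=$(run_daily_scan) || status=$?

    if [ "$status" -ne 0 ] || [ -n "$output" ]; then
        printf 'exit status: %s\n%s\n' "$status" "$output" |
            "$MAILER" -s "rkhunter Daily Run ($(uname -n))" "$RECIPIENT"
        echo "mailed"
    else
        echo "clean"
    fi
}

# Run only where rkhunter is actually installed; otherwise do nothing.
if [ -x "$RKHUNTER" ]; then
    report_if_needed >/dev/null
fi
```
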

Author: Jaishree