Thursday, February 9, 2012

Install RKHunter in centos

Advertisements

This post explains how to install RKHunter  in Linux. Rootkit scanner is a scanning tool. This tool scans for rootkits, backdoors and local exploits by running tests like:

- MD5 hash compare
- Look for default files used by rootkits
- Wrong file permissions for binaries
- Look for suspected strings in LKM and KLD modules
- Look for hidden files
- Optional scan within plaintext and binary files

Rootkit Hunter is released as GPL licensed project and free for everyone to use. Can be downloaded from http://www.rootkit.nl



Installation:
Change to usr/local/src to download the package

#cd /usr/local/src
Download the package
#wget http://dfn.dl.sourceforge.net/sourceforge/rkhunter/rkhunter-1.3.6.tar.gz
Untar the source
#tar -zxvf rkhunter-1.3.6.tar.gz
#cd rkhunter-1.3.6
#./installer.sh --layout default --install
#/usr/local/bin/rkhunter --update
/#usr/local/bin/rkhunter --propupd

Now adding the cron entry :
#vi  /etc/cron.daily/rkhunter.sh

#!/bin/sh
(
/usr/local/bin/rkhunter --versioncheck
/usr/local/bin/rkhunter --update
/usr/local/bin/rkhunter --cronjob --report-warnings-only
) | /bin/mail -s 'rkhunter Daily Run (Server_identification_id)'  Emailid_to_get_notifications

Securing the script
#chmod 700 /etc/cron.daily/rkhunter.sh

Thats it. You can run it manually using the following command :
#rkhunter -c -sk
Advertisements

1 comment:

  1. SteveJuly 27, 2012 at 9:02 AM

    I got some positive results but when I looked at the files they looked pretty normal to me.

    ReplyDelete

Be nice. That's all.

Subscribe to: Post Comments (Atom)