Rkhunter (Rootkit Hunter) is a security tool used to scan for rootkits, backdoors, and exploits on Unix-based systems. Follow these steps to install and configure Rkhunter on your server:
Download Rkhunter
Start by downloading the latest stable version of Rkhunter:
wget http://ncu.dl.sourceforge.net/project/rkhunter/rkhunter/1.4.0/rkhunter-1.4.0.tar.gz
Install Rkhunter
Extract the downloaded tarball, navigate to the extracted directory, and run the installer:
tar -xvf rkhunter-1.4.0.tar.gz
cd rkhunter-1.4.0
./installer.sh --layout default --install
Update Rkhunter Database
Update the Rkhunter database and properties:
/usr/local/bin/rkhunter --update
/usr/local/bin/rkhunter --propupd
Create a Daily Cron Job
Create a cron job to run Rkhunter daily and send email notifications. First, create a script file:
nano /etc/cron.daily/rkhunter.sh
Add the following content to the file, replacing "YourServerNameHere" and "your@email.com" with your server name and email address, respectively:
#!/bin/sh
(
/usr/local/bin/rkhunter --versioncheck
/usr/local/bin/rkhunter --update
/usr/local/bin/rkhunter --cronjob --report-warnings-only
) | /bin/mail -s 'rkhunter Daily Run (YourServerNameHere)' your@email.com
Set execute permissions for the script:
chmod 755 /etc/cron.daily/rkhunter.sh
Manual Scanning
To manually scan your file system, run:
rkhunter --check
This will generate a log file at /var/log/rkhunter.log with the results of the scan.
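To triage the scan log and the daily mail described above, the following added example (not part of the original page or of Rkhunter itself) pulls the "Warning:" entries out of a log and builds a mail subject that shows the result. The log line layout ([HH:MM:SS] prefix followed by "Warning:"), the function names, and the sample log are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of Rkhunter. Assumes log lines look like
# "[HH:MM:SS] Warning: <text>"; function names are hypothetical.

# Print each warning message from the log in $1, timestamp stripped.
rkh_warnings() {
    sed -n 's/^\[[0-9:]*] *Warning: *//p' "$1"
}

# Print the number of warning entries in the log in $1.
rkh_warning_count() {
    rkh_warnings "$1" | wc -l | tr -d ' '
}

# Print a mail subject for host $1 based on the log in $2.
rkh_subject() {
    n=$(rkh_warning_count "$2")
    if [ "$n" -gt 0 ]; then
        echo "rkhunter WARNING ($1): $n warning(s)"
    else
        echo "rkhunter OK ($1): no warnings"
    fi
}

# Constructed sample log (not real scan output).
rkh_sample_log() {
    cat <<'EOF'
[10:22:41] Info: Start date is (constructed sample)
[10:22:45]   /usr/bin/ldd                              [ Warning ]
[10:22:45] Warning: The command '/usr/bin/ldd' has been replaced by a script
[10:23:02]   Checking for hidden files and directories [ Warning ]
[10:23:02] Warning: Hidden directory found: /dev/.example
[10:23:10] Info: End date is (constructed sample)
EOF
}

# Demo: summarise the log given as $1, or the sample when none is given.
if [ -n "${1:-}" ]; then
    log=$1
else
    log=$(mktemp)
    rkh_sample_log > "$log"
fi
rkh_subject "YourServerNameHere" "$log"
rkh_warnings "$log"
[ -n "${1:-}" ] || rm -f "$log"
```

Run it with /var/log/rkhunter.log as the argument after a scan; the subject line it prints can replace the fixed -s string in the cron script so that a clean run and a run with warnings are distinguishable in the inbox.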
Additional Information
For more options and details about Rkhunter, use:
rkhunter --help
This setup ensures Rkhunter scans your system daily and alerts you to potential issues, helping maintain server security.