How to install RKHunter

Posted by: Chris  :  Category: Linux Tips

I’ve taken on a couple of new servers, so I figured I would share this little tidbit of information.  RKHunter stands for root kit hunter, which will scan your system for nasty root kits.  A quote from the site:

Rootkit scanner is scanning tool to ensure you for about 99.9%* you’re clean of nasty tools. This tool scans for rootkits, backdoors and local exploits by running tests like:

– MD5 hash compare
– Look for default files used by rootkits
– Wrong file permissions for binaries
– Look for suspected strings in LKM and KLD modules
– Look for hidden files
– Optional scan within plaintext and binary files

Rootkit Hunter is released as GPL licensed project and free for everyone to use.

* No, not really 99.9%.. It’s just another security layer

To install this goody, we log into our server, then make sure you are the root user.  The latest version as of this post is 1.3.4.  If you like to keep things organized, and you should, I always download things into a specific directory.  I went all out on naming this directory, so that no one can figure out what’s in it! :)  I called it ‘downloads’, and I have it right under my root user’s main folder.  So, I start off by changing to the ‘downloads’ folder.

root@server [~]# cd downloads

Next, I use wget to grab the rkhunter program:

root@server [~/downloads]# wget

Now to extract it, and then move into the new directory:

root@server [~/downloads]#  tar -zxvf rkhunter-1.3.4.tar.gz

root@server [~/downloads]# cd rkhunter-1.3.4

Next, we run the installer script.  The default layouts are good enough to use:

root@server[~/downloads/rkhunter-1.3.4]# ./ --layout default --install

This will install the program into ‘/usr/local/bin/rkhunter’.

Now, you can run a scan from the command line by typing:

root@server [~]# rkhunter -c

Logs for the program get saved to ‘/var/log/rkhunter.log’.  A nice thing to do, though, is to set up a cron job to run the tool once a day and then email you the results.  To do this, complete the following:

root@server [~]# vi /etc/cron.daily/

Now, paste the following code into the newly created file, make sure to change the email address at the end though:

(/usr/local/bin/rkhunter -c --cronjob 2>&1 | mail -s "Your Daily RKHunter Scan Report"

Save your file ( :wq ), and you’re set.  Now, we enable the file to be able to run:

root@server [~]# chmod +x /etc/cron.daily/

You have now set up a daily cron job that will email you the results of your RKHunter scan.
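
As an added example (not part of the original post), the script below triages the log in ‘/var/log/rkhunter.log’ so that the subject of the daily mail shows whether the scan raised warnings. The function names, the constructed sample log and the "[HH:MM:SS] Warning:" line format are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post): triage an rkhunter log so the
# daily mail subject shows whether the scan needs attention.
# Assumption: warning entries look like "[HH:MM:SS] Warning: ...".

WARN_RE='^\[[0-9:]*] *Warning:'

# Print the number of warning entries in log file $1 (prints 0 if none).
count_warnings() {
    grep -c "$WARN_RE" "$1" || true
}

# Print each warning entry from log file $1 with its timestamp removed.
warning_lines() {
    sed -n 's/^\[[0-9:]*] *\(Warning:.*\)$/\1/p' "$1"
}

# Print a mail subject for log file $1 on host $2.
report_subject() {
    n=$(count_warnings "$1")
    if [ "$n" -gt 0 ]; then
        echo "[rkhunter] $2: $n warning(s), review needed"
    else
        echo "[rkhunter] $2: clean"
    fi
}

# Write a constructed sample log (not real scan output) to file $1.
write_sample_log() {
    cat > "$1" <<'EOF'
[04:02:11] Checking system commands...
[04:02:13]   /usr/bin/awk                                  [ OK ]
[04:02:14] Warning: The file properties have changed:
[04:02:14]          File: /usr/bin/ldd
[04:02:31] Warning: Hidden directory found: /dev/.udev
[04:02:40] Info: Scan finished
EOF
}

# Demo on the constructed log. In a cron script you would instead run the
# scan first and pass /var/log/rkhunter.log and "$(uname -n)".
log=$(mktemp)
write_sample_log "$log"
report_subject "$log" "$(uname -n)"
warning_lines "$log"
rm -f "$log"
```

A subject line that changes with the result makes a day with warnings stand out from the routine reports in your inbox.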

9 Responses to “How to install RKHunter”

  1. Annie ( Property Cafe ) Wagner Says:

    Excellent blog well done and I am really pleased to stumble on : this it’s just what I needed to know. I shall be very pleased to become a regular visitor

    Best Regards

  2. Molly Farrell Says:

    Cheers for the informative page – I enjoyed reading it! I always love your blog. :)

  3. xbox 360 Says:

    You made some good points there, i’m surely bookmark this as 1 of my favourite blog!

  4. clubpenguin Says:

    Thanks for the post!

  5. Pakzisfaf Says:

    Hi guys,

    I know this might be a bit off topic but seeing that a bunch of you own websites, where would the best place be to host. Someone recommended I use Blue Host for $6.95 a month which seems like a great deal. Anyone here on using them?

  6. Chris Says:

    I always recommend to stay away from the cheap hosts, as the saying goes, you get what you pay for. I would use RoboHostingSolutions for all your shared hosting. They also do custom plans, just get in touch with them.

  7. jordan shoes Says:

    Good job. I’m definitely going to bookmark you!

  8. cheap nike shox Says:

    Thanks for your sharing, it’s very useful

  9. Roshan Says:

    Rkhunter plugin creation howto for cpanel:
