Be honest, how much have you considered server security in the past? In this day and age, it’s not something that should be taken lightly. Today I’ll be teaching you how to install RKHunter. RKHunter (i.e. Rootkit Hunter) is a nifty little script that runs daily via cron and checks your server for the most obvious rootkits that might have been placed there by somebody with malicious intent.
Note: This tutorial is written as of RKHunter v1.3.4. Always make sure that you’re installing the latest version for best results.
First we’re going to download the script, extract it, and begin the installer. Copy this code and paste it into your SSH window.
wget http://garr.dl.sourceforge.net/sourceforge/rkhunter/rkhunter-1.3.4.tar.gz
tar -zxvf rkhunter-1.3.4.tar.gz
cd rkhunter-1.3.4
./installer.sh
Hard, right? Guess what, that’s it for the installation! Next you can run a scan by pasting the following line into your SSH window:
/usr/local/bin/rkhunter -c
Updating RKHunter is just as easy as the installation, if not easier. Updating RKHunter retrieves the latest database from the rootkit.nl central server and matches your server OS to help prevent false positives. To update, just execute the following command:
/usr/local/bin/rkhunter --update
Now let’s set it up so that it scans daily and emails you a copy of the results. Let’s start by setting up a daily cron job:
nano /etc/cron.daily/rkhunter.sh
That created a new empty cron job; now let’s give it something to do. Copy these lines into the new file you just created, making sure to replace the email address with your own:
#!/bin/bash
(/usr/local/bin/rkhunter -c --cronjob 2>&1 | mail -s "Daily Rkhunter Scan Report" email@domain.com)
Now we’ll save the file we just created by doing the following:
Press Ctrl-X to close the file, hit “y” to accept the file changes, and hit Enter to overwrite the file.
And we’ll finish off our cron job by executing the following command:
chmod +x /etc/cron.daily/rkhunter.sh
And that’s it! Keep in mind, RKHunter is only a small tool in a very large array of server security tools. That’s for another post though.
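A daily report that always says the same thing tends to get ignored, so here is a variant of the cron script above that only sends mail when the scan reports something. It is an added example, not part of the original tutorial or of RKHunter itself; the function names and the sample report are made up for illustration, and it relies on rkhunter's --report-warnings-only option and on warning lines starting with "Warning:".

```bash
#!/bin/bash
# Added example (not the tutorial's script): mail the report only on warnings.
RKHUNTER=/usr/local/bin/rkhunter   # install path used in this tutorial
MAILTO="email@domain.com"          # replace with your address

# Count "Warning:" lines in a report read from stdin (prints 0 if none).
count_warnings() {
    grep -c '^Warning:' || true
}

# Subject carries host and count so alerts from several servers sort cleanly.
build_subject() {   # $1 = host name, $2 = warning count
    printf 'rkhunter: %s warning(s) on %s' "$2" "$1"
}

# Constructed sample of warnings-only output, for trying the functions offline.
sample_report() {
    cat <<'EOF'
Warning: The file properties have changed:
         File: /usr/bin/curl
Warning: Hidden directory found: /dev/.example
EOF
}

main() {
    local report count rc
    "$RKHUNTER" --update >/dev/null 2>&1      # refresh the database first
    report=$("$RKHUNTER" -c --cronjob --report-warnings-only 2>&1)
    rc=$?
    count=$(printf '%s\n' "$report" | count_warnings)
    # Mail on any warning, or on a non-zero exit with no warning lines
    # (assumption: a scan that fails to run exits non-zero).
    if [ "$count" -gt 0 ] || [ "$rc" -ne 0 ]; then
        printf '%s\nexit status: %s\n' "$report" "$rc" |
            mail -s "$(build_subject "$(hostname)" "$count")" "$MAILTO"
    fi
}

# Run the scan only where rkhunter is installed at the path above.
if [ -x "$RKHUNTER" ]; then main; fi
```

Save it as /etc/cron.daily/rkhunter.sh in place of the two-line script and make it executable with the same chmod command.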