Rkhunter Installation

Submitted by eth00 on
No security system is perfect, and it is always good to have some form of intrusion detection in case somebody does get in, so that you can be notified. Do not immediately get worried if you get a positive in an email; many of them are false positives caused by upgrades. I would first suggest running "rkhunter -c" over ssh and looking at the errors. If it is a few bad binaries, check what was updated recently. If a rootkit is detected you should start to worry, because a false positive on a rootkit or trojan is very uncommon.

Download and unzip rkhunter
cd /usr/local/src/
wget http://downloads.rootkit.nl/rkhunter-1.2.8.tar.gz
tar -zxf rkhunter-1.2.8.tar.gz
cd rkhunter

Install it

Now create a cronjob so it will email you with notifications to the root mailbox:
crontab -e

Now the crontab is going to be created. The first line is an update step, so you can be sure rkhunter has the latest rules before it scans your system. The second line runs the actual scan and emails the results to root. At the bottom add the following two lines:
10 0 * * * /usr/local/bin/rkhunter --update > /dev/null 2>&1
25 0 * * * /usr/local/bin/rkhunter -c --nocolors --cronjob --report-mode --createlogfile --skip-keypress --quiet

Press Control-X to save.
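As an added example that is not from the original post, here are the two crontab entries above folded into one POSIX sh script that applies the triage rule described at the top (a few changed binaries after an upgrade versus a rootkit hit) when mailing root. The report wording it greps for, the log location, and the presence of a local "mail" command are assumptions, and the sample reports are constructed, not real rkhunter output.

```shell
#!/bin/sh
# Added example, not part of the original post. A rootkit or trojan hit is
# treated as urgent; warnings about changed binaries or files are flagged as
# "check what was upgraded recently"; a report with no warnings sends no mail.
# Assumptions: report lines contain "Warning:", "rootkit" or "trojan" as
# shown in the samples below, and "mail" delivers to root's mailbox.

# classify_report: reads rkhunter report text on stdin and prints one word:
#   rootkit       - at least one warning mentions a rootkit or trojan
#   changed-files - warnings present, but none of them name a rootkit/trojan
#   clean         - no warning lines at all
classify_report() {
    report=$(cat)
    warnings=$(printf '%s\n' "$report" | grep -ci 'warning:' || true)
    rootkits=$(printf '%s\n' "$report" | grep -i 'warning:' \
               | grep -ciE 'rootkit|trojan' || true)
    if [ "$rootkits" -gt 0 ]; then
        echo rootkit
    elif [ "$warnings" -gt 0 ]; then
        echo changed-files
    else
        echo clean
    fi
}

# run_cron_scan: the two crontab steps from the post in one function, with a
# mail subject that matches the triage result. Call it from a single cron line.
run_cron_scan() {
    logfile=${1:-/tmp/rkhunter-cron.log}   # assumed location, adjust as needed
    /usr/local/bin/rkhunter --update >/dev/null 2>&1
    /usr/local/bin/rkhunter -c --nocolors --cronjob --report-mode \
        --createlogfile --skip-keypress --quiet > "$logfile" 2>&1 || true
    case "$(classify_report < "$logfile")" in
        rootkit)       subject="rkhunter: ROOTKIT/TROJAN indicator on $(hostname)" ;;
        changed-files) subject="rkhunter: changed files on $(hostname), check recent upgrades" ;;
        clean)         return 0 ;;   # nothing to report, no mail
    esac
    mail -s "$subject" root < "$logfile"
}

# Constructed sample reports (not real rkhunter output) to try the triage offline.
sample_after_upgrade() {
    printf '%s\n' 'Checking binaries ...' \
      'Warning: /bin/ls has a different hash than expected' \
      'Warning: /usr/bin/find has a different hash than expected' \
      'Checking for rootkits ... none found'
}
sample_rootkit() {
    printf '%s\n' 'Checking binaries ... OK' \
      'Warning: Possible rootkit found: suspicious file in /dev'
}
sample_clean() { printf '%s\n' 'Checking binaries ... OK' 'Checking for rootkits ... OK'; }
```

Replacing the two crontab lines with one entry that calls run_cron_scan keeps the same update-then-scan order but only mails root when there is something to look at.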
