RKHunter is a software that is used to scan for rootkits, backdoors and possible local exploits. A rootkit is a malicious software which is capable of having administrator-level access to a computer or network. The rootkit allows the hackers to take the control of a system without the user knowing it. This post will help you to install rkhunter on CentOS.

Install RKHunter on CentOS

cd /usr/local/src
wget https://downloads.sourceforge.net/project/rkhunter/rkhunter/1.4.4/rkhunter-1.4.4.tar.gz
tar -zxvf rkhunter-1.4.4.tar.gz
cd rkhunter-*
./installer.sh --layout default --install

How to check the rkhunter version is up-to-date

 
root@server [~]# rkhunter --versioncheck
[ Rootkit Hunter version 1.4.2 ]

Checking rkhunter version...
 This version : 1.4.2
 Latest version: 1.4.2
root@server [~]#

Check for updates to database files

 
root@server [~]# rkhunter --update
[ Rootkit Hunter version 1.4.2 ]

 Checking rkhunter data files...
 Checking file mirrors.dat [ No update ]
 Checking file programs_bad.dat [ No update ]
 Checking file backdoorports.dat [ No update ]
 Checking file suspscan.dat [ No update ]
 Checking file i18n/cn [ No update ]
 Checking file i18n/de [ No update ]
 Checking file i18n/en [ No update ]
 Checking file i18n/tr [ No update ]
 Checking file i18n/tr.utf8 [ No update ]
 Checking file i18n/zh [ No update ]
 Checking file i18n/zh.utf8 [ No update ]
root@server [~]#

Update the entire file properties database

 
root@server [~]# rkhunter --propupd
[ Rootkit Hunter version 1.4.2 ]
File created: searched for 172 files, found 145
root@server [~]#

How to set up a daily RKHunter scan

Create a file under the directory “/etc/cron.daily/”

 
vim /etc/cron.daily/rkhunter.sh

Put the following script into that file.

 
#!/bin/bash
rm -rf /usr/local/src/SCAN
mkdir /usr/local/src/SCAN
SCAN=/usr/local/src/SCAN
cd $SCAN
/usr/local/bin/rkhunter -c --sk -q --summary > $SCAN/scan-rkhunter.log
sed -n '/Rootkit checks/,/Suspect applications/p' $SCAN/scan-rkhunter.log | mail -s "Rkhunter Scan Report" your@email.com

Make it executable

 
chmod +x /etc/cron.daily/rkhunter.sh

That’s it!

Was this answer helpful? 1 Users Found This Useful (1 Votes)