Rkhunter (Rootkit Hunter) is a Unix-based tool that scans for rootkits, backdoors and possible local exploits.
Installation:
cd /tmp
wget http://ncu.dl.sourceforge.net/project/rkhunter/rkhunter/1.4.0/rkhunter-1.4.0.tar.gz
tar -xvf rkhunter-1.4.0.tar.gz
cd rkhunter-1.4.0
./installer.sh --layout default --install
Updating rkhunter:
Update rkhunter's data files and then fill the file properties database by running the following commands:
/usr/local/bin/rkhunter --update
/usr/local/bin/rkhunter --propupd
To add cron:
Create a file called rkhunter.sh under /etc/cron.daily/. It scans your file system every day and sends email notifications to your email address. Create the file with your favourite editor:
vi /etc/cron.daily/rkhunter.sh
Add the following lines to it, replacing "PutYourServerNameHere" with your server name and "your@email.com" with your email address.
#!/bin/sh
(
/usr/local/bin/rkhunter --versioncheck
/usr/local/bin/rkhunter --update
/usr/local/bin/rkhunter --cronjob --report-warnings-only
) | /bin/mail -s 'rkhunter Daily Run (PutYourServerNameHere)' your@email.com
Set execute permission on the file:
chmod 755 /etc/cron.daily/rkhunter.sh
To scan the entire file system, run rkhunter as the root user:
rkhunter --check
The above command writes a log file, /var/log/rkhunter.log, containing the results of the checks made by rkhunter.
For more information and options, run the following command:
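To triage that log after a run, the added example below (not part of the original post or of rkhunter itself) pulls each warning and its detail lines out of the log and counts them. The function names, the sample log and the assumed line layout ("[HH:MM:SS] Warning: ..." followed by indented detail lines) are constructed for illustration.

```sh
#!/bin/sh
# Added example: summarise warnings in an rkhunter log.
# Assumed layout: "[HH:MM:SS] Warning: <text>", then indented detail lines.

# rkh_warnings LOGFILE: print one line per warning, details joined by " | ".
rkh_warnings() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    awk '
        { line = $0; sub(/^\[[0-9:]+\] ?/, "", line) }      # drop the timestamp
        line ~ /^Warning: / { if (cur != "") print cur; cur = line; next }
        # Indented line that is not a "check name  [ Status ]" row: a detail line.
        cur != "" && line ~ /^[ \t]+[^ \t]/ && line !~ /\[ [A-Za-z ]+ \][ \t]*$/ {
            sub(/^[ \t]+/, "", line); cur = cur " | " line; next
        }
        { if (cur != "") print cur; cur = "" }               # anything else ends the block
        END { if (cur != "") print cur }
    ' "$1"
}

# rkh_warning_count LOGFILE: print the number of warnings (0 if none).
rkh_warning_count() {
    out=$(rkh_warnings "$1") || return $?
    if [ -z "$out" ]; then echo 0; else printf '%s\n' "$out" | wc -l | tr -d ' '; fi
}

# Constructed sample log, written to the path given as $1.
rkh_sample_log() {
    cat > "$1" <<'EOF'
[10:15:30]   /usr/bin/curl                                  [ OK ]
[10:15:31]   /usr/bin/wget                                  [ Warning ]
[10:15:31] Warning: The file properties have changed:
[10:15:31]          File: /usr/bin/wget
[10:15:31]          Current inode: 131077 Stored inode: 131054
[10:15:32]   Checking for hidden files and directories      [ Warning ]
[10:15:32] Warning: Hidden directory found: /dev/.udev
[10:15:33]   Checking for passwd file changes               [ None found ]
EOF
}

# Demo on the constructed sample; on a real host pass /var/log/rkhunter.log.
tmp=$(mktemp); rkh_sample_log "$tmp"; rkh_warnings "$tmp"; rm -f "$tmp"
```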
rkhunter --help