IT Help Desk > Trojan & Backdoors

Install Rkhunter

(1/1)

mahbub-web:
Install Rkhunter
Overview

rkhunter (Rootkit Hunter) is a Unix-based tool that scans for rootkits, backdoors and possible local exploits. It does this by comparing SHA-1 hashes of important files with known good ones in online database, searching for default directories (of rootkits), wrong permissions, hidden files, suspicious strings in kernel modules, and special tests for Linux and FreeBSD.

Instructions

1. Log into your Dedicated/VPS Server via SSH.
2. Type the follow commands:


--- Code: ---wget http://sourceforge.net/projects/rkhunter/files/rkhunter/1.3.8/rkhunter-1.3.8.tar.gz/download
--- End code ---

3. Now unzip the archive:


--- Code: ---tar -zxvf rkhunter-1.3.8.tar.gz
--- End code ---

4. Then, change directory:


--- Code: ---cd rkhunter-1.3.8
--- End code ---

5. Run the installer:


--- Code: ---./installer.sh
--- End code ---

6. You can test the installation by typing this command. Note: If successful, this scan will take about 2 minutes to complete.


--- Code: ---/usr/local/bin/rkhunter -c
--- End code ---

Optional settings

After this, you may want to create a cron job to run on a daily basis. Use this shell script below:


--- Code: ---#!/bin/bash
(/usr/local/bin/rkhunter -c --sk --nocolors --check | mail -s "Daily Rkhunter Scan Report" youremail [at] email [dot] com)
--- End code ---

Simply replace the email address with your email. You can then create a cron job in the root tasks in Plesk or via ssh.
If you would like to get only warnings inside your email simply replace


--- Code: -----sk --nocolors --check
--- End code ---


--- Code: -----cronjob --report-warnings-only
--- End code ---

You can also check for software updates by adding


--- Code: -----update
--- End code ---

You may want to run the update on a different cronjob maybe a weekly basis.

ref: http://www.servernoobs.com/install-rkhunter/

Navigation

[0] Message Index

Go to full version