
Detect rootkits and malware on Linux Servers using rkhunter

 

Overview:

 

Rkhunter stands for Rootkit Hunter. It is an open source scanner, written as a shell script for Unix-like operating systems, that detects known rootkits and malware on Linux servers.

 

It also performs checks to see if commands have been modified, if the system startup files have been modified, and various checks on the network interfaces, including checks for listening applications.

 

Installation Steps of rkhunter on CentOS/RHEL/Fedora


Step 1: Download the tar file of the stable version of rkhunter

 

# wget http://kaz.dl.sourceforge.net/project/rkhunter/rkhunter/1.4.0/rkhunter-1.4.0.tar.gz

 

Step 2: Extract the tar file and run the installer using the commands below

 

# tar -zxpvf rkhunter-1.4.0.tar.gz
# cd rkhunter-1.4.0
# ./installer.sh --layout default --install

 

The output of the above command should look like the screenshot below.

[Screenshot: rkhunter installer output]

 

Step 3: Update the rkhunter database using the commands below

 

# /usr/local/bin/rkhunter --update
# /usr/local/bin/rkhunter --propupd

 

It is suggested that the --update option is run regularly to ensure that the data files are kept up to date. The --propupd option records a baseline of file properties (hashes, permissions, and so on) that later checks are compared against, so run it on a system you know to be clean, and run it again after legitimate package updates to avoid false warnings.

 

Step 4: Manually scan the Linux server for rootkits and malware

 

# rkhunter --check

 

The above command writes its log to the /var/log/rkhunter.log file. To automate the scanning, write a shell script that runs daily, collects the output, and mails it to the administrator.

 

Step 5: Automated scanning using a shell script via cron

 

Create a file named rkhunter.sh under /etc/cron.daily/ with the contents below:

 

#!/bin/sh
# This script is used to detect rootkits and malware on the server.
# The shebang must be the first line of the file or cron will not run it.
(
/usr/local/bin/rkhunter --versioncheck
/usr/local/bin/rkhunter --update
/usr/local/bin/rkhunter --cronjob --report-warnings-only
) | /bin/mail -s 'rkhunter Daily Report (mail.nextstep4it.com)' nextstep4it@gmail.com

 

In the above script, replace the server name and email address according to your setup. Then assign executable permission to the script:

 

# chmod a+x rkhunter.sh
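As an added example (not part of the original post), the shell functions below pull the "Warning:" lines out of an rkhunter log such as /var/log/rkhunter.log, count them, and decide whether the run was clean, so the daily cron job can mail only when something needs a look. The sample log is constructed to mimic the rkhunter.log layout; the functions work on the real file too.

```shell
#!/bin/sh
# Added example: summarise rkhunter warnings from a log file.
# Usage: rkhunter_warnings /var/log/rkhunter.log

# Print every "Warning:" line from the given log, with the [HH:MM:SS] prefix stripped.
rkhunter_warnings() {
    grep 'Warning:' "$1" | sed 's/^\[[0-9:]*\] *//'
}

# Count the warnings in the given log; prints 0 for a clean run.
# "|| true" keeps grep's non-zero exit on no match from aborting a "set -e" script.
rkhunter_warning_count() {
    grep -c 'Warning:' "$1" || true
}

# Exit 0 if the log shows a clean run, 1 if it contains warnings.
# Use it as the decision point for "mail the administrator only when warnings appear".
rkhunter_is_clean() {
    ! grep -q 'Warning:' "$1"
}

# --- constructed sample log (not real rkhunter output) ---
SAMPLE_LOG=$(mktemp)
cat > "$SAMPLE_LOG" <<'EOF'
[02:00:01] Info: Start date is Mon Jan  1 02:00:01 2024
[02:00:02] Checking system commands...
[02:00:03] Warning: The command '/usr/bin/ls' has been replaced by a script: /usr/bin/ls: POSIX shell script text executable
[02:00:04] Checking for hidden files and directories
[02:00:04] Warning: Hidden directory found: /dev/.udev
[02:00:05] Info: End date is Mon Jan  1 02:00:05 2024
EOF

# Demonstration on the sample log: 2 warnings, so the run is not clean.
echo "Warnings found: $(rkhunter_warning_count "$SAMPLE_LOG")"
rkhunter_warnings "$SAMPLE_LOG"
if rkhunter_is_clean "$SAMPLE_LOG"; then
    echo "Run is clean"
else
    echo "Run needs attention"
fi
```

In the cron script from Step 5, the same test can wrap the mail command so the report is only sent when rkhunter_is_clean fails.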
