How To Install Rkhunter
If you are running a Web Server, Mail Server, Hosting Server or VPS Server and you need to provide security against rootkits, so we recommend you to install Rkhunter.
RKhunter is compatible with the most popular Hosting Control Panels like cPanel, Plesk, Ensim etc.
"Rootkit scanner is scanning tool to ensure you for about 99.9%* you're clean of nasty tools.
This tool scans for rootkits, backdoors and local exploits by running tests like:
- MD5 hash compare
- Look for default files used by rootkits
- Wrong file permissions for binaries
- Look for suspected strings in LKM and KLD modules
- Look for hidden files
- Optional scan within plaintext and binary files
Rootkit Hunter is released as GPL licensed project and free for everyone to use.
* No, not really 99.9%.. It's just another security layer"
( http://www.rootkit.nl/ )
Install Rkhunter:
# wget http://downloads.rootkit.nl/rkhunter-1.2.7.tar.gz
# tar -zxvf rkhunter-1.2.7.tar.gz
# cd rkhunter-1.2.7
# ./installer.sh
Update Rkhunter:
# rkhunter --update
Run a Test Scan (help to prevent false positives):
# /usr/local/bin/rkhunter -c
Setup a daily scan report:
# nano /etc/cron.daily/rkhunter.sh
and add it:
#!/bin/bash
(/usr/local/bin/rkhunter -c --cronjob 2>&1 mail -s "Daily Rkhunter Scan Report" email@domain.com)
Change premissions:
# chmod +x /etc/cron.daily/rkhunter.sh
2 Comments:
Good tip! :) Security on webservers changed when this kind of tools and IDS started to be used by webhosts and sysadmins. I installed it right now on my VPS server and it is ok.
Thank you for the good information on this blog.
Post a Comment