Install RKHunter on CentOS or cPanel
RKHunter (Rootkit Hunter) is a tool that scans for rootkits, backdoors and possible local exploits. A rootkit is malicious software that gives an attacker administrator-level access to a computer or network, allowing them to take control of a system without the user knowing it. This post will help you install rkhunter on CentOS.
Install RKHunter on CentOS
How to check that the rkhunter version is up to date
root@server [~]# rkhunter --versioncheck
[ Rootkit Hunter version 1.4.2 ]
Checking rkhunter version...
This version : 1.4.2
Latest version: 1.4.2
root@server [~]#
Check for updates to database files
root@server [~]# rkhunter --update
[ Rootkit Hunter version 1.4.2 ]
Checking rkhunter data files...
Checking file mirrors.dat [ No update ]
Checking file programs_bad.dat [ No update ]
Checking file backdoorports.dat [ No update ]
Checking file suspscan.dat [ No update ]
Checking file i18n/cn [ No update ]
Checking file i18n/de [ No update ]
Checking file i18n/en [ No update ]
Checking file i18n/tr [ No update ]
Checking file i18n/tr.utf8 [ No update ]
Checking file i18n/zh [ No update ]
Checking file i18n/zh.utf8 [ No update ]
root@server [~]#
Update the entire file properties database
root@server [~]# rkhunter --propupd
[ Rootkit Hunter version 1.4.2 ]
File created: searched for 172 files, found 145
root@server [~]#
How to set up a daily RKHunter scan
Create a file under the directory “/etc/cron.daily/”
vim /etc/cron.daily/rkhunter.sh
Put the following script into that file.
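#!/bin/bash
# Daily rkhunter scan: start from an empty report directory.
SCAN=/usr/local/src/SCAN
rm -rf "$SCAN"
mkdir "$SCAN"
cd "$SCAN" || exit 1
# Report recipient: placeholder address, replace with your own.
MAILTO="admin@example.com"
# -c runs the checks, --sk skips keypress prompts, --summary prints the summary.
/usr/local/bin/rkhunter -c --sk -q --summary > "$SCAN/scan-rkhunter.log"
# Mail the part of the summary from "Rootkit checks" to "Suspect applications".
sed -n '/Rootkit checks/,/Suspect applications/p' "$SCAN/scan-rkhunter.log" | mail -s "Rkhunter Scan Report" "$MAILTO"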
Make it executable
chmod +x /etc/cron.daily/rkhunter.sh
That’s it!
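The daily job above mails the summary every day whether or not anything was found. As an added example (not part of the original post), the helper below reads the counters from a summary log so a cron job can tell a clean scan from one with findings or from an empty log; the function name `rkh_findings` is hypothetical and the sample summaries are constructed.

```shell
#!/bin/bash
# Added example, not from the original post.
# rkh_findings reads an rkhunter summary on stdin and totals its
# "Suspect files", "Possible rootkits" and "Suspect applications" counters.
# Prints the total. Exit status: 0 = clean, 1 = findings,
# 2 = no counters found (empty or truncated log, which is not "clean").
rkh_findings() {
    awk -F: '
        /Suspect files|Possible rootkits|Suspect applications/ {
            n = $2; gsub(/[^0-9]/, "", n)
            if (n != "") { sum += n; seen++ }
        }
        END {
            if (!seen) { print "no-counters"; exit 2 }
            print sum + 0
            exit (sum > 0 ? 1 : 0)
        }'
}

# Constructed sample summaries (not output from a real server).
sample_clean() { cat <<'EOF'
File properties checks...
    Files checked: 145
    Suspect files: 0

Rootkit checks...
    Rootkits checked : 381
    Possible rootkits: 0
EOF
}

sample_infected() { cat <<'EOF'
File properties checks...
    Files checked: 145
    Suspect files: 2

Rootkit checks...
    Rootkits checked : 381
    Possible rootkits: 1
EOF
}

# Demo: alert only when the scan reports something or the log is unusable.
sample_infected | rkh_findings >/dev/null || echo "rkhunter needs attention"
```

In the cron script, feed it the full log (`rkh_findings < "$SCAN/scan-rkhunter.log"`) rather than the `sed` excerpt, since the excerpt starts after the "Suspect files" counter.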