Best-Selling Hosting
- Colocation Hosting
- Shared Hosting
- VPS Hosting
- Reseller Hosting
- Windows Hosting
- PHP Hosting
- Multiple Domain Hosting
- ASP Hosting
- Best Web Hosting Companies
- Dedicated Servers
- Java Hosting
- Managed Servers
- Coldfusion Hosting
- Linux Hosting
- Database Hosting
- > All Hosting Services
Top Rated Providers
Editors Pick
Rkhunter Installation
Published: Jun 27, 2004
-
Rating
5/5
Rating
5/5Rkhunter is a very useful tool that is used to check for trojans, rootkits, and other security problems.
Rkhunter is a very useful tool that is used to check for trojans, rootkits, and other security problems. This tutorial will touch on installing and setting up a daily report for rkhunter.
Update Aug. 23, 2005
Installing:
wget http://downloads.rootkit.nl/rkhunter-1.2.7.tar.gz
tar -zxvf rkhunter-1.2.7.tar.gz
cd rkhunter-1.2.7
./installer.sh
Now you can run a test scan with the following command:
/usr/local/bin/rkhunter -c
How to setup a daily scan report?
pico /etc/cron.daily/rkhunter.sh
add the following replacing your email address:
#!/bin/bash
(/usr/local/bin/rkhunter -c --cronjob 2>&1 | mail -s "Daily Rkhunter Scan Report" [email protected])
chmod +x /etc/cron.daily/rkhunter.sh
Updating rkhunter
gets the latest database updates from their central server and matches your OS better to prevent false positives.
rkhunter --update
I just got a false positive!! What do i do?
False positives are warnings which indicates there is a problem, but aren't really a problem. Example: some Linux distro updated a few common used binaries like `ls` and `ps`. You (as a good sysadmin) update the new packages and run (ofcourse) daily Rootkit Hunter. Rootkit Hunter isn't yet aware of these new files and while scanning it resports some "bad" files. In this case we have a false positive. You could always have your datacenter or a system administrator check out the server to verify that it is not compromised.
More information on rkhunter can be found here: http://www.rootkit.nl
Related Articles
- Guide to Chkrootkit - checking for intruders
- Creating a Welcome message for SSH logins
- Mask Your Web Server for Enhanced Security
- E-mail Alert on Root SSH Login
- How to install BFD (Brute Force Detection)
- How to install APF (Advanced Policy Firewall)
- How to install mod_security for Apache
- How to Disable Telnet
- How to install KISS Firewall
- Detect and Clean a hacked server T0rnkit Tutorial
- Compile 2.6.7 Kernel w/module-init-tools
Comments (15)
-
Chris 01:13, August 28, 2004You should update this to:<br />
<br />
wget http://downloads.rootkit.nl/rkhunter-1.1.6.tar.gz -
mct 17:40, December 29, 2004make that 1.1.9 as of 12/28/04. :)
-
Amr 16:53, March 16, 2005wget http://downloads.rootkit.nl/rkhunter-1.2.1.tar.gz<br />
<br />
as of 16 March 2005 -
mjm 03:45, May 6, 2005updated yet again:<br />
<br />
wget http://downloads.rootkit.nl/rkhunter-1.2.5.tar.gz<br />
<br />
05-05-2005 -
Brad 09:44, June 18, 2005Make that 1.2.7 as of 6/18/05
-
accyroy 14:57, June 18, 2005updated again...<br />
<br />
wget http://downloads.rootkit.nl/rkhunter-1.2.7.tar.gz<br />
<br /> -
BoO_SuLtAn 16:16, June 19, 2005The Latest Version Is :<br />
<br />
http://downloads.rootkit.nl/rkhunter-1.2.7.tar.gz<br />
<br />
Best Regards" -
Arif Kanji 09:17, August 17, 2005Hi,<br />
How do u make a scan at (for example) 3am everyday.<br />
Cheers -
Miguel Costa 00:33, June 4, 2006Hy<br />
<br />
New version:)<br />
<br />
wget http://downloads.rootkit.nl/rkhunter-1.2.8.tar.gz -
harry 00:36, August 12, 2006Very helpful for level3 issues
-
Chanchal 02:33, October 2, 2006The following binaries to be reported bad while checking Red Hat Linux release 9 (Shrike) servers using rkhunter. Checked 3 servers and confirmed on all.<br />
<br />
/bin/dmesg [ BAD ]<br />
/bin/kill [ BAD ]<br />
/bin/login [ BAD ]<br />
/bin/mount [ BAD ]<br />
<br />
The package installed is util-linux-2.11y-9.2.legacy -
Will 14:24, April 4, 2007New version: <br />
<br />
wget http://downloads.rootkit.nl/rkhunter-1.2.9.tar.gz -
Mahdi 03:47, January 7, 2008whats the new version link<br />
i can not open the downloads.rootkit.nl url :(<br />
please take te new version download link -
cdixon311 00:06, January 13, 2008http://superb-east.dl.sourceforge.net/sourceforge/rkhunter/rkhunter-1.3.0.tar.gz<br />
<br />
It seems there is a latter version out now.<br /> -
Ritesh 05:39, March 14, 2008Error while running rkhunter<br />
<br />
rkhunter-1.3.0<br />
<br />
/usr/local/bin/rkhunter -c<br />
Default logfile will be used (/var/log/rkhunter.log).<br />
The internationalisation directory does not exist: /var/rkhunter/db/i18n
Add Your Thoughts
WebHostGear.com is a hosting directory, not a web host.
Copyright © 1998-2023 WebHostGear.com