I’ve taken on a couple of new servers, so I figured I would share this little tidbit of information. RKHunter stands for root kit hunter, which will scan your system for nasty root kits. A quote from the site:
Rootkit scanner is scanning tool to ensure you for about 99.9%* you’re clean of nasty tools. This tool scans for rootkits, backdoors and local exploits by running tests like:
– MD5 hash compare
– Look for default files used by rootkits
– Wrong file permissions for binaries
– Look for suspected strings in LKM and KLD modules
– Look for hidden files
– Optional scan within plaintext and binary files
Rootkit Hunter is released as GPL licensed project and free for everyone to use.
* No, not really 99.9%.. It’s just another security layer
To install this goody, log into your server and make sure you are the root user. The latest version as of this post is 1.3.4. If you like to keep things organized, and you should, download things into a specific directory. I went all out on naming this directory, so that no one can figure out what’s in it! :) I called it ‘downloads’, and I have it right under my root user’s main folder. So, I start off by changing to the ‘downloads’ folder.
root@server [~]# cd downloads
Next, I use wget to grab the rkhunter program:
root@server [~/downloads]# wget http://garr.dl.sourceforge.net/sourceforge/rkhunter/rkhunter-1.3.4.tar.gz
Now to extract it, and then move into the new directory:
root@server [~/downloads]# tar -zxvf rkhunter-1.3.4.tar.gz
root@server [~/downloads]# cd rkhunter-1.3.4
Next, we run the installer script. The default layouts are good enough to use:
root@server [~/downloads/rkhunter-1.3.4]# ./installer.sh --layout default --install
This will install the program into ‘/usr/local/bin/rkhunter’.
Now, you can run a scan from the command line by typing:
root@server [~]# rkhunter -c
Logs for the program get saved to ‘/var/log/rkhunter.log’. A nice thing to do, though, is to set up a cron job to run the tool once a day and then email you the results. To do this, complete the following:
root@server [~]# vi /etc/cron.daily/rkhunter.sh
Now, paste the following code into the newly created file, and make sure to change the email address at the end:
#!/bin/bash
# Run the scan in cron mode and mail the combined stdout/stderr output.
(/usr/local/bin/rkhunter -c --cronjob 2>&1 | mail -s "Your Daily RKHunter Scan Report" mail@yourdomain.com)
Save your file ( :wq ), and you’re set. Now, we make the file executable so it can run:
root@server [~]# chmod +x /etc/cron.daily/rkhunter.sh
You have now set up a daily cron job that will email you the results of your RKHunter scan.
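A variant of the cron script above that mails only when the log contains warnings, so a real finding does not get lost among daily all-clear reports. This is an added example, not part of the original post and not rkhunter's own code. It assumes warnings are logged as "[HH:MM:SS] Warning: ..." and that /var/log/rkhunter.log holds only the latest run; the function names and the --scan switch are made up for this example.

```bash
#!/bin/bash
# Added example, not from the original post or from rkhunter itself.
# Assumption: warnings are logged as "[HH:MM:SS] Warning: <text>".

LOG="${RKH_LOG:-/var/log/rkhunter.log}"       # log path named in the post
MAILTO="${RKH_MAILTO:-mail@yourdomain.com}"   # placeholder address from the post

# Print the warning messages from a log file, timestamps stripped.
rkh_warnings() {
    sed -n 's/^\[[0-9:]*] *Warning: *//p' "$1"
}

# Print how many warnings a log file holds (grep -c exits 1 on zero).
rkh_count() {
    rkh_warnings "$1" | grep -c . || true
}

# Report body: the count first, then one warning per line.
rkh_report() {
    n=$(rkh_count "$1")
    printf 'rkhunter warnings: %s\n' "$n"
    if [ "$n" -gt 0 ]; then rkh_warnings "$1"; fi
}

# Constructed sample log for a dry run (not real scan output).
rkh_sample_log() {
    cat <<'EOF'
[03:10:01] Info: Start date is Mon Jan  1 03:10:01 UTC 2024
[03:10:07]   /usr/bin/lwp-request                     [ Warning ]
[03:10:07] Warning: The command '/usr/bin/lwp-request' has been replaced by a script
[03:10:41] Checking for hidden files and directories  [ Warning ]
[03:10:41] Warning: Hidden directory found: /dev/.udev
[03:11:02] Info: End date is Mon Jan  1 03:11:02 UTC 2024
EOF
}

# Cron entry point: scan quietly, mail only when warnings were logged.
rkh_cron() {
    /usr/local/bin/rkhunter -c --cronjob >/dev/null 2>&1
    if [ "$(rkh_count "$LOG")" -gt 0 ]; then
        rkh_report "$LOG" | mail -s "RKHunter warnings on $(hostname)" "$MAILTO"
    fi
}

# Hypothetical switch: scan only when called with --scan, so the
# functions can be sourced and tried on a sample log first.
if [ "${1:-}" = "--scan" ]; then rkh_cron; fi
```

cron.daily runs scripts without arguments, so either call this file with --scan from a small wrapper there or replace the last line with a plain rkh_cron.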
Rkhunter plugin creation howto for cpanel:
http://jackal777.wordpress.com/2011/10/10/whmcpanel-rkhunter-plugin-creation-howto/