rkhunter is a good tool for server security audit, either you are doing a general proactive error or in a suspicion of server compromise.
Its easy to install and use , you can install rkhunter following below steps :

Note : It do not give accurate results in VPS environment so its only recommended for Physical servers.

Installation steps :


#switch to source directory
cd /usr/local/src
#download source
wget http://downloads.sourceforge.net/project/rkhunter/rkhunter/1.3.8/rkhunter-1.3.8.tar.gz?use_mirror=nchc
#untar (according to version number and file name)
tar -xzvf rkhunter-1.3.8.tar.gz
#Installation
cd rkhunter-1.3.8
./installer.sh --install

#Running a scan (you can run ' rkhunter --help' to see detailed options available )
rkhunter --check

The scan will give you result of scans on console, saying ok or giving warning etc for different checks (like rootkit files check, check for malware, network etc), pausing for you to press enter before performing each set of test. You can review the results on the console in real time and if you have any doubt about any output, you can search on internet for that or consult a system administrator. Or you can drop a comment and I will try to help/guide with any issues you might have.

It logs all the output in below file, so you can review that file at any time after completing the scan :

/var/log/rkhunter.log

Have a happy security audit :)

Tags: , , , , ,

3 Comments on How To : Install rkhunter (Rootkit Hunter)

  1. Nasir5 says:

    Hi,

    Good work Riz, sharing knowledge is educating people :)

    Regards,
    Nasir

  2. Riz says:

    Thanks Nasir .

  3. Thanks for sharing Rk-Hunter details with me.

Leave a Reply to Riz Cancel reply