Rootkits and backdoors are often the worst type of compromise possible. To protect your server against rootkits, backdoors and other security problems it is recommended to install and use Rkhunter on your Linux VPS. Rkhunter (Rootkit Hunter) is a very useful open source software utility that makes various checks on the local system and scans for known rootkits, local exploits, malware and backdoors. Rkhunter checks to see whether the binary files or system startup files have been modified, and performs various checks on the network interfaces, including checks for listening services and applications. Rkhunter runs on most Linux and UNIX systems. It can be run from the command line, but it can also be scheduled to execute on a daily basis as a cron job.
To install the latest version of Rkhunter on your server, execute the following commands:
wget http://downloads.sourceforge.net/project/rkhunter/rkhunter/1.4.0/rkhunter-1.4.0.tar.gz tar xzfv rkhunter-1.4.0.tar.gz cd rkhunter-1.4.0 ./installer.sh --install --layout default rkhunter --update rkhunter --propupd
Use the following command to perform a test scan on the local system:
rkhunter -c
Set up a daily cron job on your Linux VPS:
vi /etc/cron.daily/rkhunter-cron.sh
#!/bin/sh ( rkhunter --versioncheck rkhunter --update rkhunter -c --cronjob ) | mail -s 'rkhunter Daily Check' your_email@address.com
Do not forget to replace ‘your_email@address.com’ with your email address.
Execute the following command to make the script executable:
chmod +x /etc/cron.daily/rkhunter-cron.sh
That’s it! An email with the results of Rkhunter scan will be sent on your email address on a daily basis.
Of course you don’t have to do any of this if you use one of our Linux VPS Hosting services, in which case you can simply ask our expert Linux admins to install Rkhunter for you. They are available 24×7 and will take care of your request immediately.
PS. If you liked this post please share it with your friends on the social networks using the buttons on the left or simply leave a reply below. Thanks.
Thanks for a useful and concise article. This saved me a bunch of time and helped me feel secure in my recent server setup. One thing though – I’m on CentOS 7 with the epel repo enabled and I was able to install rkhunter with yum which also created a more complex daily cron for me. For email alerts all I had to do was change two config files (/etc/sysconfig/rkhunter for daily output and /etc/rkhunter.conf for just warning alerts)
The epel repo seems popular enough that this method might be better for anyone who already has it enabled, or at least a mention that it’s an option.