How to install and use Rkhunter on a Linux server for rootkit, local exploits, malware and backdoors scanning
Rootkits and backdoors are often the worst type of compromise possible. To protect your server against rootkits, backdoors and other security problems it is recommended to install and use Rkhunter on your Linux VPS. Rkhunter (Rootkit Hunter) is a very useful open source software utility that makes various checks on the local system and scans for known rootkits, local exploits, malware and backdoors. Rkhunter checks to see whether the binary files or system startup files have been modified, and performs various checks on the network interfaces, including checks for listening services and applications. Rkhunter runs on most Linux and UNIX systems. It can be run from the command line, but it can also be scheduled to execute on a daily basis as a cron job.
To install the latest version of Rkhunter on your server, execute the following commands:
wget http://downloads.sourceforge.net/project/rkhunter/rkhunter/1.4.0/rkhunter-1.4.0.tar.gz tar xzfv rkhunter-1.4.0.tar.gz cd rkhunter-1.4.0 ./installer.sh --install --layout default rkhunter --update rkhunter --propupd
Use the following command to perform a test scan on the local system:
Set up a daily cron job on your Linux VPS:
#!/bin/sh ( rkhunter --versioncheck rkhunter --update rkhunter -c --cronjob ) | mail -s 'rkhunter Daily Check' [email protected]
Do not forget to replace ‘[email protected]’ with your email address.
Execute the following command to make the script executable:
chmod +x /etc/cron.daily/rkhunter-cron.sh
That’s it! An email with the results of Rkhunter scan will be sent on your email address on a daily basis.
Of course you don’t have to do any of this if you use one of our Linux VPS Hosting services, in which case you can simply ask our expert Linux admins to install Rkhunter for you. They are available 24×7 and will take care of your request immediately.
PS. If you liked this post please share it with your friends on the social networks using the buttons on the left or simply leave a reply below. Thanks.