HowTo Install RkHunter

Rootkit Hunter (rkhunter) is a scanning tool that checks whether your system is clean of nasty tools.

This tool scans for rootkits, backdoors and local exploits by running tests such as: MD5 hash comparison, looking for default files used by rootkits, wrong file permissions on binaries, suspicious strings in LKM and KLD modules, hidden files, and an optional scan within plaintext and binary files.

Current Version: 1.3.8 (November 17, 2010)
Website: Rootkit Hunter
Download: Rootkit Hunter – Browse /rkhunter at SourceForge.net

Requirements:
– Most Linux and *BSD distributions
– Bourne Again Shell (BASH)

Checks for rootkits, backdoors, LKMs and worms:
55808 Trojan – Variant A, ADM W0rm, AjaKit, aPa Kit, Apache Worm, Ambient (ark) Rootkit, Balaur Rootkit, BeastKit, beX2, BOBKit, CiNIK Worm (Slapper.B variant), Danny-Boy’s Abuse Kit, Devil RootKit, Dica, Dreams Rootkit, Duarawkz Rootkit, Flea Linux Rootkit, FreeBSD Rootkit, Fuck`it Rootkit, GasKit, Heroin LKM, HjC Rootkit, ignoKit, ImperalsS-FBRK, Irix Rootkit, Kitko, Knark, Li0n Worm, Lockit / LJK2, mod_rootme (Apache backdoor), MRK, Ni0 Rootkit, NSDAP (RootKit for SunOS), Optic Kit (Tux), Oz Rootkit, Portacelo, R3dstorm Toolkit, RH-Sharpe’s rootkit, RSHA’s rootkit, Scalper Worm, Shutdown, SHV4 Rootkit, SHV5 Rootkit, Sin Rootkit, Slapper, Sneakin Rootkit, Suckit, SunOS Rootkit, Superkit, TBD (Telnet BackDoor), TeLeKiT, T0rn Rootkit, Trojanit Kit, URK (Universal RootKit), VcKit, Volc Rootkit, X-Org SunOS Rootkit, zaRwT.KiT Rootkit, and some known/unknown sniffers and backdoors such as Anti Anti-sniffer, LuCe LKM and THC Backdoor.

Tested on:
AIX 4.1.5 & 4.3.3, ALT Linux, Aurora Linux, CentOS 3.1 & 4.0, Conectiva Linux 6.0, Debian 3.x, FreeBSD 4.3 / 4.4 / 4.7 / 4.8 / 4.9 / 4.10, FreeBSD 5.0 / 5.1 / 5.2 / 5.2.1 / 5.3, Fedora Core 1 / Core 2 / Core 3, Gentoo 1.4, 2004.0, 2004.1, Macintosh OS 10.3.4-10.3.8, Mandrake 8.1 / 8.2 / 9.0-9.2 / 10.0 / 10.1, OpenBSD 3.4 & 3.5, Red Hat Linux 7.0-7.3 / 8 / 9, Red Hat Enterprise Linux 2.1 & 3.0, Slackware 9.0 / 9.1 / 10.0 / 10.1, SME 6.0, Solaris (SunOS), SuSE 7.3 / 8.0-8.2 / 9.0-9.2, Ubuntu, Yellow Dog Linux 3.0 & 3.01.

Confirmed to work on: CLFS, DaNix (Debian clone), PCLinuxOS, VectorLinux SOHO 3.2 & 4.0, CPUBuilders Linux, Virtuozzo (VPS)

Run Scan:

Code:
/usr/local/bin/rkhunter -c

Configure Daily Scan Report:

Code:
nano /etc/cron.daily/rkhunter.sh

Add the following code to the file:

Code:
#!/bin/bash
(/usr/local/bin/rkhunter -c --cronjob 2>&1 | mail -s "Daily Rkhunter Scan Report" email@domain.com)

Set execute permission:

Code:
chmod +x /etc/cron.daily/rkhunter.sh
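
A variation on the cron script above, added here as an example and not part of the original article: it asks rkhunter for warnings only (`--report-warnings-only`) and sends mail only when the scan produced any, so a clean host stays quiet and a report in the inbox always means something to review. The function names and the RKHUNTER, MAILER and MAILTO variables are assumptions made for this example.

```shell
#!/bin/bash
# Added example: daily rkhunter scan that mails only when warnings are reported.
# RKHUNTER, MAILER and MAILTO are assumptions; adjust them for your host.
RKHUNTER="${RKHUNTER:-/usr/local/bin/rkhunter}"
MAILER="${MAILER:-mail}"
MAILTO="${MAILTO:-email@domain.com}"   # placeholder address from the article

# Run the scan and print only warning lines (empty output means a clean run).
scan_warnings() {
    "$RKHUNTER" -c --cronjob --report-warnings-only 2>&1
}

# Build a subject that names the reporting host and the amount of output.
report_subject() {
    local lines
    lines=$(printf '%s\n' "$1" | grep -c .)
    printf 'Rkhunter: %s warning line(s) on %s' "$lines" "$(uname -n)"
}

# Mail the warnings if there are any. Returns 0 for a clean scan, 1 otherwise.
daily_scan() {
    local out
    out=$(scan_warnings) || true     # exit status is not used; output decides
    if [ -z "$out" ]; then
        return 0
    fi
    printf '%s\n' "$out" | "$MAILER" -s "$(report_subject "$out")" "$MAILTO"
    return 1
}

# Run only when rkhunter is actually installed at the configured path.
if [ -x "$RKHUNTER" ]; then
    daily_scan || true
fi
```

On Debian-based systems, run-parts skips file names that contain a dot, so a script in /etc/cron.daily needs a name without the .sh suffix there.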

Updating rkhunter:

Code:
rkhunter --update
