Detect rootkits & malware on Linux Servers using rkhunter

by admin

Rkhunter (Rootkit Hunter) is an open-source scanner, implemented as a shell script for UNIX-like operating systems, that detects known rootkits and malware on Linux servers.

It also checks whether system commands and system startup files have been modified, and performs various checks on the network interfaces, including checks for listening applications.

Installation Steps of rkhunter on CentOS/RHEL/Fedora

Step 1: Download the tar file of the stable version of rkhunter.

# wget http://kaz.dl.sourceforge.net/project/rkhunter/rkhunter/1.4.0/rkhunter-1.4.0.tar.gz

Step 2: Extract the tar file and run the installer using the commands below.

# tar -zxpvf rkhunter-1.4.0.tar.gz
# cd rkhunter-1.4.0
# ./installer.sh --layout default --install

The output of the above command should look like the screenshot below.

[Image: rkhunter installation output]

Step 3: Update the rkhunter database using the commands below.

# /usr/local/bin/rkhunter --update
# /usr/local/bin/rkhunter --propupd

Run the --update option regularly so that the data files are kept up to date. The --propupd option records the current properties of system files as the baseline that later scans are compared against, so run it right after installation on a system you trust to be clean, and again only after legitimate changes such as package updates.

Step 4: Manually scan the Linux server for rootkits and malware.

# rkhunter --check

The above command writes its log to the “/var/log/rkhunter.log” file. To automate the scanning, write a shell script that runs daily, collects the results and mails them to the administrator.

Step 5: Automated scanning using a shell script via cron.

Create a file named rkhunter.sh under /etc/cron.daily/ with the contents below:

#!/bin/sh
# This script is used to detect rootkits and malware on the server
(
/usr/local/bin/rkhunter --versioncheck
/usr/local/bin/rkhunter --update
/usr/local/bin/rkhunter --cronjob --report-warnings-only
) | /bin/mail -s 'rkhunter Daily Report (mail.thegeekdiary.com)' thegeekdiary@gmail.com

In the above script, replace the server name and e-mail address according to your setup; the #!/bin/sh line must be the very first line of the file, before any comment. Then assign the executable permission to the script:

# chmod a+x rkhunter.sh
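As an added example (not the article's script), the wrapper below extends the cron job above: it keeps a dated copy of each report, mails the administrator only when rkhunter reports warnings, and carries two small helpers that count and extract warning lines from an rkhunter report. The rkhunter path, mail address and report directory are assumptions to adjust, and the sample log is constructed, not real scan output.

```shell
#!/bin/sh
# Added example, not the article's script: a daily rkhunter wrapper that keeps
# a dated copy of each report and mails the administrator only when the scan
# reports warnings. RKHUNTER, MAILTO and REPORT_DIR are assumed placeholders.
RKHUNTER=/usr/local/bin/rkhunter
MAILTO="admin@example.com"              # placeholder address
REPORT_DIR=/var/log/rkhunter-reports    # assumed directory for dated reports
HOST=$(hostname 2>/dev/null || echo unknown-host)

# Number of warning lines in an rkhunter report/log. grep -c prints 0 when
# nothing matches but exits 1, so '|| true' keeps the count usable.
count_warnings() {
    grep -c 'Warning:' "$1" || true
}

# Warning lines only, with the leading "[HH:MM:SS]" timestamp stripped.
extract_warnings() {
    sed -n 's/^\[[0-9:]*] *//; /^Warning:/p' "$1"
}

# Constructed sample in rkhunter's log line format (not real scan output),
# so the helpers can be exercised without running a scan.
write_sample_log() {
    cat > "$1" <<'EOF'
[03:00:01] Info: Starting test name 'system_commands'
[03:00:02] Warning: The command '/usr/bin/SAMPLE' has been replaced by a script (constructed)
[03:00:03] Info: Checking for hidden files and directories
[03:00:04] Warning: Hidden directory found: /dev/SAMPLE (constructed)
[03:00:05] Info: System checks summary
EOF
}

run_daily_scan() {
    mkdir -p "$REPORT_DIR"
    report="$REPORT_DIR/$(date +%Y-%m-%d).txt"
    # Refresh data files first; a failed update must not stop the scan.
    "$RKHUNTER" --update >/dev/null 2>&1 || true
    # --cronjob gives non-interactive output; keep only the warnings.
    "$RKHUNTER" --cronjob --report-warnings-only > "$report" 2>&1
    rc=$?                  # non-zero when rkhunter found a warning or error
    n=$(count_warnings "$report")
    if [ "$rc" -ne 0 ] || [ "$n" -gt 0 ]; then
        extract_warnings "$report" |
            /bin/mail -s "rkhunter: $n warning(s) on $HOST" "$MAILTO"
    fi
    return "$rc"
}
# Only scan when asked explicitly, so the file can also be sourced for tests.
case "${1:-}" in --run) run_daily_scan ;; esac
```

Schedule it from a crontab entry (for example in /etc/cron.d) that passes --run; without that argument the file only defines its functions.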
