Rkhunter



Bushrat

Source: eth0.us

No security system is perfect, and it is always good to have some form of intrusion detection so that you can be notified in case somebody does get in. Do not immediately get worried if you get a positive in an email; many of them are false and come from upgrades. I would first suggest running "rkhunter -c" from ssh and looking at the errors. If it is a few bad binaries, you should check to see what was updated recently. If you have a rootkit detected, you should start to worry, because it is very uncommon to get a false positive on a rootkit or trojan.

Download and unzip rkhunter

-----command-----

cd /usr/local/src/

wget http://downloads.rootkit.nl/rkhunter-1.1.5.tar.gz

tar -zxf rkhunter-1.1.5.tar.gz

cd rkhunter

-----command-----

Install it

-----command-----

./installer.sh

-----command-----

Now create a cronjob so it will email you with notifications to the root mailbox:

-----command-----

crontab -e

-----command-----

Now the crontab is going to be created. The first line is an update function so that you can be assured your rkhunter has the latest rules before it scans your system. The second line will run the actual scan and email root the results. At the bottom, add the following lines:

10 0 * * * /usr/local/bin/rkhunter --update > /dev/null 2>&1

25 0 * * * /usr/local/bin/rkhunter -c --nocolors --cronjob --report-mode --createlogfile --skip-keypress --quiet

Press control x to save

If you have any problems, PM me.
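
Added example, not part of the original post: a small helper for the "check to see what was updated recently" step when a scan reports a few bad binaries. It reports, for each flagged path, whether the file changed within a chosen number of days and which package owns it. The script name, function names and the use of rpm or dpkg are assumptions.

```bash
#!/bin/bash
# Added example: triage binaries that a scan reported as bad.
# Usage: ./triage.sh DAYS FILE...   (script and function names are hypothetical)

# Print "recent" if FILE was modified within the last DAYS days, else "old".
# mtime is only a hint: it can be reset, so package verification still matters.
change_age() {
    local file=$1 days=$2
    if [ -n "$(find "$file" -maxdepth 0 -mtime "-$days" 2>/dev/null)" ]; then
        echo recent
    else
        echo old
    fi
}

# Print the package that owns FILE, using whichever package manager is present.
owning_package() {
    local pkg=""
    if command -v rpm >/dev/null 2>&1; then
        pkg=$(rpm -qf "$1" 2>/dev/null) || pkg=""
    elif command -v dpkg >/dev/null 2>&1; then
        pkg=$(dpkg -S "$1" 2>/dev/null | cut -d: -f1 | head -n 1) || pkg=""
    else
        echo unknown
        return 0
    fi
    echo "${pkg:-unowned}"
}

# Print one line per flagged file: PATH AGE PACKAGE.
triage_flagged() {
    local days=$1 f
    shift
    for f in "$@"; do
        if [ ! -e "$f" ]; then
            echo "$f missing -"
            continue
        fi
        echo "$f $(change_age "$f" "$days") $(owning_package "$f")"
    done
}

# Run only when called with arguments, e.g. ./triage.sh 7 /bin/ls /bin/ps
if [ "$#" -gt 1 ]; then
    triage_flagged "$@"
fi
```

A flagged binary that is "recent" and owned by a package you just upgraded fits the upgrade explanation; one that is "old" or "unowned" deserves a closer look.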
