How to install Rkhunter (Rootkit hunter) on cPanel/linux server
How to install Rkhunter (Rootkit hunter) on cPanel/linux server
Rkhunter (Rootkit hunter) is a scanning tool used on linux servers to detect rootkits and backdoors. You must have server root access to install Rkhunter.
Steps to Install/Uninstall rkhunter on Linux Server using Yum
1. Log into linux server via SSH as ‘root’ user
2. Run the below command to install ‘rkhunter’
Command : yum install rkhunter
—> Package rkhunter.noarch 0:1.4.2-0.9.amzn1 will be installed
Is this ok [y/d/N]: y [Enter ‘y’ to install the package]
Installed:
rkhunter.noarch 0:1.4.2-0.9.amzn1
Dependency Installed:
mailx.x86_64
When you install rkhunter it will install the required dependency ‘mailx’.
3. Run the command “yum remove rkhunter” to remove/uninstall rkhunter
Uninstall rkhunter
Steps to Install/Uninstall rkhunter from source
1. Log into linux server via SSH as ‘root’
2. Before downloading rkhunter you must check the latest version of rkhunter available in sourceforge website
Open the below URL and download the latest version
https://sourceforge.net/projects/rkhunter/files/rkhunter/
3. Use wget command to download rkhunter
Command : wget https://sourceforge.net/projects/rkhunter/files/rkhunter/1.4.2/rkhunter-1.4.2.tar.gz
You can download the README file to check what all features are included in the latest version on rhkunter.
4. Extract the rkhunter tar file you have downloaded
Command to extract : tar -zxvf rkhunter-1.4.2.tar.gz
5. Change to directory you have extracted using cd command
cd rkhunter-1.4.2/
6. Run the below command to install rkhunter
Command : ./installer.sh --layout default --install
Install Rkhunter from source
Installation step is pasted below :
[root@server rkhunter-1.4.2]# tar -zxvf rkhunter-1.4.2.tar.gz
rkhunter-1.4.2/files/filehashsha.pl
rkhunter-1.4.2/files/programs_bad.dat
rkhunter-1.4.2/files/i18n/
rkhunter-1.4.2/files/i18n/zh
rkhunter-1.4.2/files/i18n/tr
rkhunter-1.4.2/files/i18n/de
rkhunter-1.4.2/files/i18n/cn
rkhunter-1.4.2/files/i18n/zh.utf8
rkhunter-1.4.2/files/i18n/en
rkhunter-1.4.2/files/i18n/tr.utf8
rkhunter-1.4.2/files/rkhunter.conf
rkhunter-1.4.2/files/signatures/
rkhunter-1.4.2/files/signatures/RKH_dso.ldb
rkhunter-1.4.2/files/signatures/RKH_Glubteba.ldb
rkhunter-1.4.2/files/signatures/RKH_sniffer.ldb
rkhunter-1.4.2/files/signatures/RKH_shv.ldb
rkhunter-1.4.2/files/signatures/RKH_libkeyutils1.ldb
rkhunter-1.4.2/files/signatures/RKH_libkeyutils.ldb
rkhunter-1.4.2/files/signatures/RKH_sshd.ldb
rkhunter-1.4.2/files/signatures/RKH_xsyslog.ldb
rkhunter-1.4.2/files/signatures/RKH_turtle.ldb
rkhunter-1.4.2/files/signatures/RKH_kbeast.ldb
rkhunter-1.4.2/files/signatures/RKH_libncom.ldb
rkhunter-1.4.2/files/signatures/RKH_pamunixtrojan.ldb
rkhunter-1.4.2/files/signatures/RKH_jynx.ldb
rkhunter-1.4.2/files/backdoorports.dat
rkhunter-1.4.2/files/FAQ
rkhunter-1.4.2/files/mirrors.dat
rkhunter-1.4.2/files/rkhunter.spec
rkhunter-1.4.2/files/contrib/
rkhunter-1.4.2/files/contrib/rkhunter_remote_howto.txt
rkhunter-1.4.2/files/contrib/run_rkhunter.sh
rkhunter-1.4.2/files/contrib/README.txt
rkhunter-1.4.2/files/rkhunter
rkhunter-1.4.2/files/CHANGELOG
rkhunter-1.4.2/files/stat.pl
rkhunter-1.4.2/files/check_modules.pl
rkhunter-1.4.2/files/readlink.sh
rkhunter-1.4.2/installer.sh
[root@server ~]# cd rkhunter-1.4.2/
[root@server rkhunter-1.4.2]# sh installer.sh
Run rkhunter Install script
1. Type the below command to check the version of rkhunter installed
rkhunter -V
Rootkit Hunter 1.4.2
2. Run any of the below command to initiate a rkhuner scan on your linux server
rkhunter --check
OR
rkhunter -c
3. Run the below command to Check for updates to database files
rkhunter --update
[ Rootkit Hunter version 1.4.2 ]
Checking rkhunter data files…
Checking file mirrors.dat [ No update ]
Checking file programs_bad.dat [ Updated ]
Checking file backdoorports.dat [ No update ]
Checking file suspscan.dat [ Updated ]
Checking file i18n/cn [ No update ]
Checking file i18n/de [ Updated ]
Checking file i18n/en [ No update ]
Checking file i18n/tr [ Updated ]
Checking file i18n/tr.utf8 [ Updated ]
Checking file i18n/zh [ Updated ]
Checking file i18n/zh.utf8 [ Updated ]
4. steps to set a weekly rkhunter scan on your linux server and email the result to your email address
vi /etc/cron.weekly/rkhunter-scan.sh
Enter the below script in rkhunter-scan.sh file
#!/bin/bash
(rkhunter --update && rkhunter -c --cronjob 2>&1 | mail -s “Rkhunter Scan Result” user@domain.com)
5. Run the below command to see all options
rkhunter --help
Or
rkhunter -h
6. To Unlock/Remove the Rkhunter lock file
Command : rkhunter --unlock
7. How to check for latest version of program
The below command will shows whether you have installed the latest version.
Command : rkhunter --versioncheck
[ Rootkit Hunter version 1.4.2 ]
Checking rkhunter version…
This version : 1.4.2
Latest version: 1.4.2
8. How to run Rkhunter in quiet mode
Command : rkhunter --quiet -c
9. Rkhunter log file location
By default rkhuner logs are saved in /var/log/ directory, log file is /var/log/rkhunter.log.
Use “–nolog” option if you do not want to save the logs to a file.
Command : rkhunter --nolog -c
