
How to install Rkhunter on CentOS, RHEL server

Linux/31 Jan, 17/4122/0

How to download and install Rkhunter (Rootkit hunter) on cPanel, CentOS 7, RHEL 7 servers

Rkhunter (Rootkit hunter) is a scanning tool used on Linux servers to detect rootkits, backdoors and exploits. You must have root access to the server to install Rkhunter.

Install rkhunter on CentOS 7 / RHEL 7 server

1. Log into the Linux server via SSH as the ‘root’ user

2. Install the epel-release (Extra Packages for Enterprise Linux) package on your server using the yum command

Command: # yum install epel-release

You will see the error “No package rkhunter available” if EPEL is not installed on your server.

3. After installing epel-release, run the below command to install ‘rkhunter’

Command : # yum install rkhunter
 

[root@server ~]# yum install rkhunter

Resolving Dependencies
--> Running transaction check
---> Package rkhunter.noarch 0:1.4.6-1.el7 will be installed
--> Processing Dependency: /usr/bin/perl for package: rkhunter-1.4.6-1.el7.noarch
--> Processing Dependency: crontabs for package: rkhunter-1.4.6-1.el7.noarch
--> Processing Dependency: e2fsprogs for package: rkhunter-1.4.6-1.el7.noarch
--> Processing Dependency: iproute for package: rkhunter-1.4.6-1.el7.noarch
--> Processing Dependency: logrotate for package: rkhunter-1.4.6-1.el7.noarch
--> Processing Dependency: lsof for package: rkhunter-1.4.6-1.el7.noarch
--> Processing Dependency: mailx for package: rkhunter-1.4.6-1.el7.noarch
--> Processing Dependency: perl for package: rkhunter-1.4.6-1.el7.noarch
--> Processing Dependency: perl(IO::Socket) for package: rkhunter-1.4.6-1.el7.noarch
--> Processing Dependency: perl(strict) for package: rkhunter-1.4.6-1.el7.noarch
--> Processing Dependency: wget for package: rkhunter-1.4.6-1.el7.noarch

Dependencies Resolved

=====================================================================================
Package Arch Version Repository Size
=====================================================================================
Installing:
rkhunter noarch 1.4.6-1.el7 epel 207 k
Installing for dependencies:
cronie x86_64 1.4.11-23.el7 base 92 k
cronie-anacron x86_64 1.4.11-23.el7 base 36 k
crontabs noarch 1.11-6.20121102git.el7 base 13 k
e2fsprogs x86_64 1.42.9-17.el7 base 699 k
e2fsprogs-libs x86_64 1.42.9-17.el7 base 168 k
groff-base x86_64 1.22.2-8.el7 base 942 k
iproute x86_64 4.11.0-25.el7_7.2 base 803 k
iptables x86_64 1.4.21-34.el7 base 432 k
libmnl x86_64 1.0.3-7.el7 base 23 k
libnetfilter_conntrack x86_64 1.0.6-1.el7_3 base 55 k
libnfnetlink x86_64 1.0.1-4.el7 base 26 k
libss x86_64 1.42.9-17.el7 base 46 k
logrotate x86_64 3.8.6-19.el7 base 70 k
lsof x86_64 4.87-6.el7 base 331 k
mailx x86_64 12.5-19.el7 base 245 k
perl x86_64 4:5.16.3-295.el7 base 8.0 M
perl-Carp noarch 1.26-244.el7 base 19 k
perl-Encode x86_64 2.51-7.el7 base 1.5 M
perl-Exporter noarch 5.68-3.el7 base 28 k
perl-File-Path noarch 2.09-2.el7 base 26 k
perl-File-Temp noarch 0.23.01-3.el7 base 56 k
perl-Filter x86_64 1.49-3.el7 base 76 k
perl-Getopt-Long noarch 2.40-3.el7 base 56 k
perl-HTTP-Tiny noarch 0.033-3.el7 base 38 k
perl-PathTools x86_64 3.40-5.el7 base 82 k
perl-Pod-Escapes noarch 1:1.04-295.el7 base 51 k
perl-Pod-Perldoc noarch 3.20-4.el7 base 87 k
perl-Pod-Simple noarch 1:3.28-4.el7 base 216 k
perl-Pod-Usage noarch 1.63-3.el7 base 27 k
perl-Scalar-List-Utils x86_64 1.27-248.el7 base 36 k
perl-Socket x86_64 2.010-5.el7 base 49 k
perl-Storable x86_64 2.45-3.el7 base 77 k
perl-Text-ParseWords noarch 3.29-4.el7 base 14 k
perl-Time-HiRes x86_64 4:1.9725-3.el7 base 45 k
perl-Time-Local noarch 1.2300-2.el7 base 24 k
perl-constant noarch 1.27-2.el7 base 19 k
perl-libs x86_64 4:5.16.3-295.el7 base 689 k
perl-macros x86_64 4:5.16.3-295.el7 base 44 k
perl-parent noarch 1:0.225-244.el7 base 12 k
perl-podlators noarch 2.5.1-3.el7 base 112 k
perl-threads x86_64 1.87-4.el7 base 49 k
perl-threads-shared x86_64 1.43-6.el7 base 39 k
wget x86_64 1.14-18.el7_6.1 base 547 k

Transaction Summary
=====================================================================================
Install 1 Package (+43 Dependent packages)

Total download size: 16 M
Installed size: 50 M
Is this ok [y/d/N]: y

 

4. Enter y and press Enter if yum asks for confirmation

Rkhunter needs the below dependencies:

—————
procps-ng-0:3.3.10-27.el7.x86_64
bash-0:4.2.46-34.el7.x86_64
binutils-0:2.27-43.base.el7_8.1.x86_64
mailx-0:12.5-19.el7.x86_64
crontabs-0:1.11-6.20121102git.el7.noarch
findutils-1:4.5.11-6.el7.x86_64
coreutils-0:8.22-24.el7.x86_64
perl-4:5.16.3-295.el7.x86_64
e2fsprogs-0:1.42.9-17.el7.x86_64
lsof-0:4.87-6.el7.x86_64
wget-0:1.14-18.el7_6.1.x86_64
iproute-0:4.11.0-25.el7_7.2.x86_64
procps-ng-0:3.3.10-27.el7.i686
grep-0:2.20-3.el7.x86_64
kmod-0:20-28.el7.x86_64
logrotate-0:3.8.6-19.el7.x86_64
—————
 

Steps to download and install rkhunter rpm on CentOS / RHEL

1. Log into the Linux server as the root user

2. Download the rkhunter rpm using the wget command

3. Install the downloaded rpm file using the yum command or the rpm command
 
On CentOS 6 x86_64 server :

# wget https://download-ib01.fedoraproject.org/pub/epel/6/x86_64/Packages/r/rkhunter-1.4.6-1.el6.noarch.rpm

# yum install rkhunter-1.4.6-1.el6.noarch.rpm

OR

# rpm -ivh rkhunter-1.4.6-1.el6.noarch.rpm

The yum command downloads and installs the required dependencies. You must install the dependencies manually if you install with the rpm command.
 
On CentOS 7 x86_64 server :

# wget https://download-ib01.fedoraproject.org/pub/epel/7/x86_64/Packages/r/rkhunter-1.4.6-1.el7.noarch.rpm

# yum install rkhunter-1.4.6-1.el7.noarch.rpm

OR

# rpm -ivh rkhunter-1.4.6-1.el7.noarch.rpm

 

How to remove/uninstall Rkhunter

1. Log into your CentOS / RHEL server as ‘root’ user

2. Run the command “yum remove rkhunter” to remove/uninstall rkhunter

 



 

Steps to Install rkhunter from source

 
1. Log into the Linux server via SSH as ‘root’

2. Before downloading rkhunter, check the latest version of rkhunter available on the SourceForge website

Open the below URL and download the latest version

https://sourceforge.net/projects/rkhunter/files/rkhunter/

3. Use the wget command to download rkhunter

Command : wget https://sourceforge.net/projects/rkhunter/files/rkhunter/1.4.2/rkhunter-1.4.2.tar.gz

You can download the README file to check which features are included in the latest version of rkhunter.

4. Extract the rkhunter tar file you have downloaded

Command to extract : tar -zxvf rkhunter-1.4.2.tar.gz

5. Change to the directory you have extracted using the cd command

cd rkhunter-1.4.2/

6. Run the below command to install rkhunter

Command : ./installer.sh --layout default --install
 

The installation steps are pasted below :
 


 

[root@server rkhunter-1.4.2]# wget https://sourceforge.net/projects/rkhunter/files/rkhunter/1.4.2/rkhunter-1.4.2.tar.gz
[root@server rkhunter-1.4.2]# tar -zxvf rkhunter-1.4.2.tar.gz
rkhunter-1.4.2/files/filehashsha.pl
rkhunter-1.4.2/files/programs_bad.dat
rkhunter-1.4.2/files/i18n/
rkhunter-1.4.2/files/i18n/zh
rkhunter-1.4.2/files/i18n/tr
rkhunter-1.4.2/files/i18n/de
rkhunter-1.4.2/files/i18n/cn
rkhunter-1.4.2/files/i18n/zh.utf8
rkhunter-1.4.2/files/i18n/en
rkhunter-1.4.2/files/i18n/tr.utf8
rkhunter-1.4.2/files/rkhunter.conf
rkhunter-1.4.2/files/signatures/
rkhunter-1.4.2/files/signatures/RKH_dso.ldb
rkhunter-1.4.2/files/signatures/RKH_Glubteba.ldb
rkhunter-1.4.2/files/signatures/RKH_sniffer.ldb
rkhunter-1.4.2/files/signatures/RKH_shv.ldb
rkhunter-1.4.2/files/signatures/RKH_libkeyutils1.ldb
rkhunter-1.4.2/files/signatures/RKH_libkeyutils.ldb
rkhunter-1.4.2/files/signatures/RKH_sshd.ldb
rkhunter-1.4.2/files/signatures/RKH_xsyslog.ldb
rkhunter-1.4.2/files/signatures/RKH_turtle.ldb
rkhunter-1.4.2/files/signatures/RKH_kbeast.ldb
rkhunter-1.4.2/files/signatures/RKH_libncom.ldb
rkhunter-1.4.2/files/signatures/RKH_pamunixtrojan.ldb
rkhunter-1.4.2/files/signatures/RKH_jynx.ldb
rkhunter-1.4.2/files/backdoorports.dat
rkhunter-1.4.2/files/FAQ
rkhunter-1.4.2/files/mirrors.dat
rkhunter-1.4.2/files/rkhunter.spec
rkhunter-1.4.2/files/contrib/
rkhunter-1.4.2/files/contrib/rkhunter_remote_howto.txt
rkhunter-1.4.2/files/contrib/run_rkhunter.sh
rkhunter-1.4.2/files/contrib/README.txt
rkhunter-1.4.2/files/rkhunter
rkhunter-1.4.2/files/CHANGELOG
rkhunter-1.4.2/files/stat.pl
rkhunter-1.4.2/files/check_modules.pl
rkhunter-1.4.2/files/readlink.sh
rkhunter-1.4.2/installer.sh
[root@server ~]# cd rkhunter-1.4.2/
[root@server rkhunter-1.4.2]# sh installer.sh

 



 


 
1. Type the below command to check the version of rkhunter installed

rkhunter -V
 

[root@server ~]# rkhunter -V
Rootkit Hunter 1.4.2

 
2. Run either of the below commands to start an rkhunter scan on your Linux server

rkhunter --check

OR

rkhunter -c
 
3. Run the below command to check for updates to the database files

rkhunter --update
 

[root@server ~]# rkhunter --update
[ Rootkit Hunter version 1.4.2 ]

Checking rkhunter data files…
Checking file mirrors.dat [ No update ]
Checking file programs_bad.dat [ Updated ]
Checking file backdoorports.dat [ No update ]
Checking file suspscan.dat [ Updated ]
Checking file i18n/cn [ No update ]
Checking file i18n/de [ Updated ]
Checking file i18n/en [ No update ]
Checking file i18n/tr [ Updated ]
Checking file i18n/tr.utf8 [ Updated ]
Checking file i18n/zh [ Updated ]
Checking file i18n/zh.utf8 [ Updated ]

 
4. Steps to set up a weekly rkhunter scan on your Linux server and email the result to your email address

vi /etc/cron.weekly/rkhunter-scan.sh

Enter the below script in the rkhunter-scan.sh file

#!/bin/bash
# rkhunter --update exits with 2 when it installs updates, so use ';' rather than '&&' or the scan is skipped
(rkhunter --update; rkhunter -c --cronjob 2>&1 | mail -s "Rkhunter Scan Result" user@domain.com)

5. Run the below command to see all options

rkhunter --help

Or

rkhunter -h

6. To Unlock/Remove the Rkhunter lock file

Command : rkhunter --unlock

7. How to check for the latest version of the program

The below command shows whether you have installed the latest version.

Command : rkhunter --versioncheck
 

[root@server ~]# rkhunter --versioncheck
[ Rootkit Hunter version 1.4.2 ]

Checking rkhunter version…
This version : 1.4.2
Latest version: 1.4.2

 
8. How to run Rkhunter in quiet mode

Command : rkhunter --quiet -c

9. Rkhunter log file location

By default rkhunter logs are saved in the /var/log/ directory; the log file is /var/log/rkhunter.log.

Use the “--nolog” option if you do not want to save the logs to a file.

Command : rkhunter --nolog -c
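
A more defensive version of the weekly job from step 4, as an added example that is not part of the original article: it treats only a failed data file update as an error, mails nothing on a clean week, and points the reader at the log file from step 9. The function names are illustrative, user@domain.com is the placeholder address from step 4, and --rwo is rkhunter's report-warnings-only option.

```shell
#!/bin/bash
# Added example for /etc/cron.weekly/rkhunter-scan.sh (not from the original page).
# MAILTO is an assumed placeholder address; RKH_LOG is the default log path.
MAILTO="${MAILTO:-user@domain.com}"
RKH_LOG="${RKH_LOG:-/var/log/rkhunter.log}"

# "rkhunter --update" exits 0 (no updates), 1 (download error) or
# 2 (updates installed). Anything other than 0 or 2 is treated as a failure,
# so a refreshed data file set never suppresses the scan.
update_failed() {
    [ "$1" -ne 0 ] && [ "$1" -ne 2 ]
}

# Build the mail body: empty when the update worked and nothing was flagged.
build_report() {    # $1 = update exit code, $2 = output of the --rwo scan
    if update_failed "$1"; then
        echo "Data file update failed (exit code $1); scan used the old data files."
    fi
    if [ -n "$2" ]; then
        echo "Warnings reported by rkhunter on $(uname -n):"
        echo "$2"
        echo "Full details: $RKH_LOG"
    fi
}

weekly_scan() {
    local rc=0 scan report
    rkhunter --update >/dev/null 2>&1 || rc=$?
    # --rwo limits the output to warnings, so an empty result means a clean scan.
    scan=$(rkhunter --check --cronjob --rwo 2>&1) || true
    report=$(build_report "$rc" "$scan")
    [ -z "$report" ] && return 0            # clean week: send nothing
    echo "$report" | mail -s "Rkhunter Scan Result" "$MAILTO"
    return 1
}

# Run only where rkhunter is installed; cron.weekly passes no arguments.
if command -v rkhunter >/dev/null 2>&1; then
    weekly_scan
fi
```

Files in /etc/cron.weekly are only run if they have the execute bit set, so make the script executable after saving it.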
