
How To Install RKHunter

Last Updated: October 4, 2008


RKHunter (RootKit Hunter) is a security scanning tool which scans for rootkits, backdoors, and local exploits. RKHunter will give you about 99.9% assurance that your dedicated web server is secure.

1. Log in to your server via SSH as root.
Then type: cd /usr/local/src/

2. Download RKHunter Version 1.1.4
Type: wget http://downloads.rootkit.nl/rkhunter-1.1.4.tar.gz

3. Extract files
Type: tar -xzvf rkhunter-1.1.4.tar.gz

4. Type: cd rkhunter

5. Type: ./installer.sh

6. Let's set up RKHunter to e-mail you daily scan reports.
Type: pico -w /etc/cron.daily/rkhunter.sh
Add the following:
#!/bin/bash
(/usr/local/bin/rkhunter -c --cronjob 2>&1 | mail -s "RKhunter Scan Details" replace-this@with-your-email.com)
Replace the address above with your own e-mail address! It is best to send the report to an off-site mailbox so that if the box IS compromised the hacker can't erase the scan report unless he hacks another server too.
Type: chmod +x /etc/cron.daily/rkhunter.sh

RKHunter let me know there was something wrong with my dedicated server. What do I do?

1. If your system is infected with a rootkit, it's almost impossible to clean it up (that is, to guarantee fully that it's clean). Never trust a machine which has been infected with a rootkit, because hiding is the rootkit's main purpose.
(So a fresh installation of the operating system is NEEDED)

2. If only one check fails, it is possible that you have a "false positive".
This sometimes occurs due to custom configurations or changed binaries. If this happens, you can validate the 'false positive' by checking for untrusted paths, by checking whether you recently updated the binary and rkhunter is simply out of date, and by comparing your binaries with other trusted binaries to ensure they are in fact 'safe' from a rootkit.
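
One way to carry out two of the checks named above (untrusted paths, and comparing binaries with trusted copies), as an added example that is not part of the original guide or of RKHunter itself. It assumes a sha256sum manifest produced on a known-good host; the function names, the manifest file name and the sample files are constructed for illustration.

```sh
#!/bin/sh
# Added example, not part of the original guide. All sample data is constructed.

# Print each PATH entry that is relative/empty, missing or world-writable.
untrusted_path_entries() {
    old_ifs=$IFS; IFS=:; set -f          # split on ":" without globbing
    for dir in $1; do
        case $dir in
            /*) ;;
            *)  echo "not-absolute:${dir:-<empty>}"; continue ;;
        esac
        if [ ! -d "$dir" ]; then
            echo "missing:$dir"
        elif [ -n "$(find -L "$dir" -prune -perm -0002 -print)" ]; then
            echo "world-writable:$dir"
        fi
    done
    set +f; IFS=$old_ifs
}

# Compare local files with a `sha256sum` manifest made on a trusted host
# (assumption: same OS release and package versions as this server).
changed_binaries() {
    while read -r want file; do
        file=${file#\*}                   # drop sha256sum's binary-mode marker
        if [ ! -f "$file" ]; then
            echo "MISSING $file"
        elif [ "$(sha256sum "$file" | cut -d' ' -f1)" != "$want" ]; then
            echo "CHANGED $file"
        fi
    done < "$1"
}

# Constructed demo: a fake bin directory, one file altered after the manifest.
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir "$tmp/bin" "$tmp/open"; chmod 0777 "$tmp/open"
    printf 'trusted ls\n' > "$tmp/bin/ls"
    printf 'trusted ps\n' > "$tmp/bin/ps"
    sha256sum "$tmp/bin/ls" "$tmp/bin/ps" > "$tmp/trusted.sha256"
    printf 'altered ps\n' > "$tmp/bin/ps"   # stands in for a changed binary
    untrusted_path_entries "$tmp/bin:.:$tmp/open"
    changed_binaries "$tmp/trusted.sha256"
    rm -rf "$tmp"
}
demo
```

Where possible, run the comparison with tools from trusted media, since a rootkit's main purpose is hiding and the server's own sha256sum may have been replaced.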

The RKHunter FAQ can be found at www.rootkit.nl
