In this tutorial, we will show you how to install Rootkit Hunter on Linux. For those of you who didn’t know, Rkhunter is a Unix-based tool developed in Bash, offering compatibility with all Unix-based operating systems. It scans your system for rootkits, backdoors, and other security threats by investigating hidden files, potentially malicious strings, and incorrect permissions in binary files. Rkhunter performs a system scan by comparing the SHA-1 hashes of important files with known good ones in its database.
This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you the step-by-step installation of the Rootkit Hunter on a Linux operating system.
Prerequisites
- A server running one of the following operating systems: Ubuntu any other Debian-based distribution, CentOS, or AlmaLinux.
- It’s recommended that you use a fresh OS install to prevent any potential issues.
- An active internet connection.
- A
non-root sudo useror access to theroot user. We recommend acting as anon-root sudo user, however, as you can harm your system if you’re not careful when acting as the root.
Install Rootkit Hunter on Linux
Step 1. Downloading Rkhunter.
Now we download Rootkit Hunter from the official website:
wget http://downloads.sourceforge.net/project/rkhunter/rkhunter/1.4.6/rkhunter-1.4.6.tar.gz tar -xvf rkhunter-1.4.6.tar.gz cd rkhunter-1.4.6
Once you have downloaded the latest version, run the following commands to install it:
./installer.sh –install
Output:
Checking system for: ... Installing LICENSE: OK Installing README: OK Installing language support files: OK Installing ClamAV signatures: OK Installing rkhunter: OK Installing rkhunter.conf: OK Installation complete ...
Step 3. Configure Rkhunter.
The default installation process will install a configuration file, called ‘rkhunter.conf’, into the ‘/etc’ directory or where you chose using the ‘–layout’ switch. You can either edit the main configuration file itself or create a ‘local’ configuration file for your own settings. This file, which must be called ‘rkhunter.conf.local’, must reside in the same directory as the main configuration file.
Step 4. Using Rkhunter.
Before running RKH we will need to update databases and fill the file properties database by running the following command:
rkhunter –update rkhunter –propupd
To scan the entire file system, run the following command as a root user:
rkhunter -c
The above command generates a log file under /var/log/rkhunter.log with the check results made by Rkhunter.
cat /var/log/rkhunter.log
Check only warnings using the following command:
grep Warning /var/log/rkhunter.log
Check man page:
man rkhunter
Congratulations! You have successfully installed Rootkit Hunter. Thanks for using this tutorial to install the latest version of Rootkit Hunter (rkhunter) on the Linux system. For additional help or useful information, we recommend you check the official Rootkit Hunter website.
