For those of you who didn’t know, Rootkit Hunter (rkhunter) is a Unix-based tool that scans for rootkits, backdoors and possible local exploits. Rkhunter checks to see whether the binary files or system startup files have been modified, and performs various checks on the network interfaces, including checks for listening services and applications. Rkhunter runs on most Linux and UNIX systems. It can be run from the command line, but it can also be scheduled to execute on a daily basis as a cron job.
This article assumes you have at least basic knowledge of linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple. I will show you through the step by step installation rkhunter (rootkit hunter) on centos 6.
Step 1. Download rkhunter.
tar xzfv rkhunter-1.4.2.tar.gz
./installer.sh --install --layout default
Step 2. Rootkit Hunter manual scan.
Use the following command to perform a test scan on the local system:
Step 3. Adding daily cron job
Set up a daily cron job on your Linux vps:
rkhunter -c --cronjob
) | mail -s 'rkhunter Daily Check' firstname.lastname@example.org
Important: Do not forget to replace ‘email@example.com’ with your email address.
Execute the following command to make the script executable:
chmod +x /etc/cron.daily/rkhunter-cron.sh
For more information and options run the following command.
Congratulation’s! You have successfully installed rootkit hunter. Thanks for using this tutorial for installting rkhunter on centos 6 systems.