Before starting the Rkhunter installation we should have an idea of what a ‘rootkit’ is. A rootkit is a stealthy type of software, typically malicious, designed to hide the existence of certain processes, files or programs from normal methods of detection and to keep privileged access to a computer. The word rootkit is a concatenation of “root” (the administrative account on Unix-like systems) and “kit” (the software kit). Rootkit detection is difficult because a rootkit may be able to subvert the very software that is intended to find it. This is why a tool like Rkhunter works best when it is installed and baselined on a system that is still known to be clean, rather than after a compromise is already suspected.
Rkhunter (Rootkit Hunter) is an open-source scanner for Linux and other Unix-like systems that checks for known rootkits, backdoors and local exploits, and for suspicious changes to system binaries and configuration.
Follow the steps below to install Rkhunter.
Step 1 : Downloading Rkhunter (version 1.4.0 was the latest at the time of writing).
Note that the tarball is fetched over plain HTTP from a SourceForge mirror, so compare its checksum with the one published on the project's download page before running the installer; a tampered scanner is worse than no scanner.
# cd /tmp
# wget http://ncu.dl.sourceforge.net/project/rkhunter/rkhunter/1.4.0/rkhunter-1.4.0.tar.gz
Step 2 : Installing Rkhunter.
Extract the tarball you have downloaded and install it by executing the following commands as the root user. The “default” layout installs the binary as /usr/local/bin/rkhunter, which is the path used in the next step.
# tar -xvf rkhunter-1.4.0.tar.gz
# cd rkhunter-1.4.0
# ./installer.sh --layout default --install
Step 3: Updating Rkhunter and creating the baseline.
The --update option downloads the latest Rkhunter data files (it needs internet access). The --propupd option records the current properties of the monitored system files (hashes, sizes, permissions, ownership and so on) as the known-good baseline that later scans are compared against. Run --propupd only on a system you trust to be clean: it stores whatever is on disk as legitimate, so a binary that has already been replaced by a rootkit would be baselined as normal. Re-run --propupd after legitimate package updates, otherwise the next scan will warn that those files have changed.
# /usr/local/bin/rkhunter --update
# /usr/local/bin/rkhunter --propupd
Done !!
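The three steps above as one script, written as an added example for this page (it is not part of Rkhunter or of the original post). It assumes the same version and mirror URL used above, that wget, tar and sha256sum are available, that it is run as root, and that you supply the release checksum through the RKH_SHA256 environment variable; the zero-filled placeholder value is an assumption and will (correctly) refuse to install anything.

```shell
#!/bin/sh
# Added example: download, verify and install rkhunter, then build its baseline.
# Not the project's own installer script; version, URL and checksum are assumptions.
set -eu

RKH_VERSION="1.4.0"
RKH_TARBALL="rkhunter-${RKH_VERSION}.tar.gz"
RKH_URL="http://ncu.dl.sourceforge.net/project/rkhunter/rkhunter/${RKH_VERSION}/${RKH_TARBALL}"
# Placeholder (assumption): replace with the SHA-256 the project publishes for this release.
RKH_SHA256="${RKH_SHA256:-0000000000000000000000000000000000000000000000000000000000000000}"

# verify_sha256 FILE EXPECTED: returns 0 when the file's SHA-256 equals EXPECTED, 1 otherwise.
verify_sha256() {
    actual=$(sha256sum "$1" | cut -d' ' -f1)
    [ "$actual" = "$2" ]
}

# install_rkhunter: fetch the tarball into a scratch directory, refuse to continue
# on a checksum mismatch, then run the upstream installer with the default layout
# (binary ends up at /usr/local/bin/rkhunter).
install_rkhunter() {
    workdir=$(mktemp -d)
    cd "$workdir"
    wget -q "$RKH_URL"
    if ! verify_sha256 "$RKH_TARBALL" "$RKH_SHA256"; then
        echo "checksum mismatch for $RKH_TARBALL, refusing to install" >&2
        return 1
    fi
    tar -xzf "$RKH_TARBALL"
    cd "rkhunter-${RKH_VERSION}"
    ./installer.sh --layout default --install
}

# baseline_rkhunter: refresh the data files and record file properties.
# --update exits 0 when nothing changed, 2 when updates were applied and 1 on error,
# so only status 1 is treated as a failure here.
# Only run --propupd on a system you trust to be clean: whatever is on disk now
# becomes the "known good" reference for every later scan.
baseline_rkhunter() {
    rc=0
    /usr/local/bin/rkhunter --update || rc=$?
    [ "$rc" -ne 1 ] || { echo "rkhunter --update failed" >&2; return 1; }
    /usr/local/bin/rkhunter --propupd
}

# The functions above are only executed when explicitly requested, so this file
# can be sourced or tested without touching the system.
if [ "${RKH_DO_INSTALL:-0}" = "1" ]; then
    install_rkhunter
    baseline_rkhunter
fi
```

Run it as `RKH_SHA256=<published checksum> RKH_DO_INSTALL=1 sh install-rkhunter.sh`. Keeping the checksum check in its own function makes the refusal path easy to exercise without downloading anything.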
Common usage
How to scan your Linux system for a rootkit?
You can check the system manually by running Rkhunter with the -c switch. The scan is interactive by default and pauses for a keypress between test groups; add --sk (skip keypress) to run it unattended, for example from cron, and --rwo (report warnings only) to print nothing but the warnings. The exit status is 0 when no warnings were raised and 1 when at least one was.
Syntax:
# rkhunter -c
Or
# rkhunter --check
You can check the scan details in “/var/log/rkhunter.log“. Investigate every warning: some are false positives on particular distributions (for example system commands that are legitimately shell scripts), and those can be whitelisted in rkhunter.conf with options such as SCRIPTWHITELIST, but a changed binary you cannot explain should be treated as a possible compromise.
You will get more details by executing rkhunter with the --help switch.
# rkhunter --help
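An unattended scan wrapper and a small log triage, added here as an example (not code from the Rkhunter project or the original post). It assumes the binary at /usr/local/bin/rkhunter from Step 2 and the log path from above; the sample log lines are constructed for the example, modelled on the `[HH:MM:SS]` prefix and `Warning:` lines that rkhunter writes, and are not a capture from a real scan.

```shell
#!/bin/sh
# Added example: run rkhunter non-interactively and pull the warnings out of its log.
# Not the project's own tooling; paths are assumptions.
set -eu

RKH_BIN="${RKH_BIN:-/usr/local/bin/rkhunter}"
RKH_LOG="${RKH_LOG:-/var/log/rkhunter.log}"

# run_scan: full check with no keypress prompts (--sk) and only warnings on
# stdout (--rwo). rkhunter exits 1 when any warning was raised.
run_scan() {
    "$RKH_BIN" --check --sk --rwo
}

# extract_warnings LOGFILE: print the explanatory "Warning:" lines from an
# rkhunter log with the leading [HH:MM:SS] timestamp removed.
extract_warnings() {
    sed -n 's/^\[[0-9:]*] *Warning: //p' "$1"
}

# count_warnings LOGFILE: number of "Warning:" lines in the log.
count_warnings() {
    extract_warnings "$1" | wc -l | tr -d ' '
}

# write_sample_log FILE: constructed sample in rkhunter's log style (not a real
# capture), used to exercise the parsing functions offline.
write_sample_log() {
    cat > "$1" <<'EOF'
[13:05:39] Checking system commands...
[13:05:39]     Checking 'strings' command                     [ OK ]
[13:05:40]   /usr/bin/egrep                                   [ Warning ]
[13:05:40] Warning: The command '/usr/bin/egrep' has been replaced by a script: /usr/bin/egrep: POSIX shell script, ASCII text executable
[13:05:41]   Checking for hidden files and directories        [ Warning ]
[13:05:41] Warning: Hidden directory found: /etc/.git
EOF
}

# Only run the real scan when asked, so the parsing helpers can be used on an
# existing log (or the sample) without invoking rkhunter.
if [ "${RKH_RUN_SCAN:-0}" = "1" ]; then
    run_scan || true   # exit status 1 only means warnings were found; read the log
    echo "warnings in $RKH_LOG: $(count_warnings "$RKH_LOG")"
    extract_warnings "$RKH_LOG"
fi
```

With `RKH_RUN_SCAN=1` the script runs the scan and then prints the warning count and the warning text, which is what you would forward from a cron job; without it you can point `extract_warnings` at an old log to review past results.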
That’s it :-) :-)