Monday, June 16, 2008

RKHunter Installation

No security system is perfect, so it is always good to have some form of intrusion detection in place so that you are notified if somebody does get in. Do not immediately get worried if you get a positive in an email: many of them are false positives caused by upgrades. I would first suggest running "rkhunter -c" from ssh and looking at the errors. If it is a few bad binaries, check what was updated recently; a package upgrade replaces binaries and so changes the checksums rkhunter stored for them. If a rootkit is detected you should start to worry, because a false positive on a rootkit or trojan is very uncommon.

Download the rkhunter tarball into /usr/local/src and unzip it (1.2.7 was the current release at the time; use the version you downloaded)

cd /usr/local/src/
tar -zxf rkhunter-1.2.7.tar.gz
cd rkhunter


Install it, either with the default layout:

./installer.sh

or with an explicit layout:

./installer.sh --layout /usr/local/src --install

Now create a cron job so the results are mailed to the root mailbox

crontab -e

Add the following two lines at the bottom of the crontab. The first updates rkhunter's rules so you can be assured it has the latest definitions before it scans your system; its output is sent to /dev/null so the update itself does not generate mail. The second runs the actual scan and emails root the results. This works because cron mails whatever a job prints to the owner of the crontab (root here), so it needs a working local mail system; to send the report somewhere else, put a MAILTO= line at the top of the crontab.

10 0 * * * /usr/local/bin/rkhunter --update > /dev/null 2>&1
25 0 * * * /usr/local/bin/rkhunter -c --nocolors --cronjob --report-mode --createlogfile --skip-keypress --quiet

Save and exit the editor: Ctrl + x in nano, or :wq in vi, which is what crontab -e opens on many systems.
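The two cron lines above mail root every night whether or not anything was found, which is what makes the false positives from upgrades easy to ignore. As an added example (not from the original post, and not part of rkhunter itself), here is a small wrapper that does the update and scan in one job but only mails when the scan log contains warnings, and appends a list of recently modified binaries so the "was this a package upgrade?" question from the introduction can be answered straight from the email. It assumes the paths /usr/local/bin/rkhunter and /var/log/rkhunter.log, that warning lines in the log contain the word "Warning", and that a local mail command exists; all of these are assumptions you may need to adjust.

```shell
#!/bin/sh
# Added example (not from the original post): cron wrapper around rkhunter that
# mails root only when the scan produced warnings.
# Assumptions (adjust to your install): rkhunter binary and log file locations
# below, warning lines contain the word "Warning", and a local "mail" command.
RKHUNTER=${RKHUNTER:-/usr/local/bin/rkhunter}
RKLOG=${RKLOG:-/var/log/rkhunter.log}
MAILTO=${MAILTO:-root}

# Print only the warning lines of a scan log (exit status 1 if there are none,
# because that is what grep does when nothing matches).
extract_warnings() {
    grep -i 'warning' "$1"
}

# Number of warning lines in a log file; prints 0 for a clean scan.
count_warnings() {
    extract_warnings "$1" | wc -l | tr -d ' '
}

# Exit status 0 when the log is worth mailing, 1 when there is nothing to report.
needs_attention() {
    [ "$(count_warnings "$1")" -gt 0 ]
}

# List regular files modified in the last N days under the given directories.
# A "file properties have changed" warning on one of these is usually a package
# upgrade; a changed binary that no upgrade touched is what you worry about.
recently_changed() {
    days=$1
    shift
    find "$@" -type f -mtime "-$days" 2>/dev/null | sort
}

# The nightly job: update rules, scan, and mail root only if something was found.
run_scan() {
    "$RKHUNTER" --update >/dev/null 2>&1
    "$RKHUNTER" -c --nocolors --cronjob --report-mode --createlogfile --skip-keypress --quiet
    if needs_attention "$RKLOG"; then
        {
            echo "rkhunter reported $(count_warnings "$RKLOG") warning(s) on $(hostname):"
            extract_warnings "$RKLOG"
            echo
            echo "Binaries changed in the last 7 days (compare against recent upgrades):"
            recently_changed 7 /bin /sbin /usr/bin /usr/sbin
        } | mail -s "rkhunter warnings on $(hostname)" "$MAILTO"
    fi
}

# Only run the scan when explicitly asked, so the functions above can be
# sourced and exercised without touching the system.
if [ "${RKHUNTER_CRON_RUN:-0}" = 1 ]; then
    run_scan
fi
```

Install it as, for example, /usr/local/sbin/rkhunter-cron.sh and replace the two crontab lines with a single entry such as `25 0 * * * RKHUNTER_CRON_RUN=1 /usr/local/sbin/rkhunter-cron.sh`. A quiet night then produces no mail at all, and a mail that does arrive lists both the warnings and the binaries that changed recently, so a warning on a freshly upgraded /usr/bin/ls can be dismissed while a warning on a binary nothing upgraded gets the attention the introduction asks for.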
