Install rkhunter (Rootkit Hunter) on RHEL CentOS Fedora Debian Ubuntu

Overview

rkhunter (Rootkit Hunter) is a Unix-based tool that scans for rootkits, backdoors and possible local exploits. It does this by comparing SHA-1 hashes of important files with known good ones in online database, searching for default directories (of rootkits), wrong permissions, hidden files, suspicious strings in kernel modules, and special tests for Linux and FreeBSD.

Install rkhunter (Rootkit Hunter) on RHEL CentOS Fedora Debian Ubuntu

Download the latest tarball of rkhunter


$ wget http://ncu.dl.sourceforge.net/project/rkhunter/rkhunter/1.4.0/rkhunter-1.4.0.tar.gz

Untar it and run the installer


$ tar -xvf rkhunter-1.4.0.tar.gz
$ cd rkhunter-1.4.0
$ sudo ./installer.sh --layout default --install

To update rkhunter’s database.


$ sudo /usr/local/bin/rkhunter --update
$ sudo /usr/local/bin/rkhunter --propupd

To check your system for rootkits execute the following as root.


$ sudo rkhunter --check

To see all available options


$ sudo rkhunter --help

rkhunter01 300x176 Install rkhunter (Rootkit Hunter) on RHEL CentOS Fedora Debian Ubuntu