Setting up RKhunter on a Linux box and setup a Cron Job for rootkits
This on is quite easy, I use it all the time at work. How to install rkhunter!
Login to your server (via SSH and su to root)
cd /usr/local/src/
Go here and find the latest version.. Right now the latest version is 1.4.2
Download RKHunter
wget http://downloads.sourceforge.net/project/rkhunter/rkhunter/1.4.2/rkhunter-1.4.2.tar.gz?r=&ts=1437775186&use_mirror=netcologne
Extract files
tar -xzvf rkhunter*
cd rkhunter*
./installer.sh --install
Thats the section on how to install rkhunter done, next on to some things that will help you using rkhunter.
Daily reports using a cronjob
setup RKHunter to e-mail you you daily scan reports.
vi /etc/cron.daily/rkhunter.sh
Add the following
#!/bin/bash /usr/local/bin/rkhunter -c --cronjob 2>&1 |
mail -s "RKhunter Scan Details" replace-this@with-your-email.com
Replace the e-mail above with your e-mail!! It is best to send the e-mail to an e-mail off-site so that if the box IS compromised the hacker can’t erase the scan report unless he hacks another server too.
chmod +x /etc/cron.daily/rkhunter.sh
Next, update rkhunter so that all the components are the latest versions
rkhunter --update
Then you can run a scan against your system
rkhunter -c --sk --display-logfile
Once the scan completes you can go through the list produced and fix the various things!