Rootkit Hunter, security monitoring and analyzing tool


Rootkit Hunter (commonly abbreviated as “RKH”) is a security monitoring and analysis tool for POSIX-compliant systems. It helps you detect known rootkits and malware, and it flags general bad security practices. Rootkits have a characteristic structure and place files in certain locations, which are known to the Rootkit Hunter team; this is similar to virus signatures. RKH also offers additional scans that may assist you.

cd /home/gordy/......(if you are not already in your folder)
tar zxvf rkhunter-1.3.2.tar.gz
cd rkhunter-1.3.2/
sh installer.sh --layout default --install

rkhunter --propupd
This updates the stored file properties for your system. It is a necessary step: it creates the baseline database file against which later scans are compared.

rkhunter --update

First Scan:
rkhunter -c -sk

Add to /etc/crontab:
30 14 * * * root /usr/local/bin/rkhunter --cronjob --update --rwo --nocolors
At 14:30 (30 minutes past 2 pm) every day, this runs an RKH scan after updating any stale data files and reports warnings only, by mail. Mail is only produced if warnings are found.
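
The following added example (not rkhunter's code and not from the original post) shows the baseline-and-compare idea behind the `rkhunter --propupd` step: record each file's hash, mode and owner once, then report any deviation on later scans. The function names `props_record`, `baseline_update` and `baseline_check` and the record format are assumptions made for this illustration; it assumes GNU coreutils.

```shell
#!/bin/sh
# Simplified file-properties baseline (illustration only, not rkhunter's code).
# Record format, one per line: <sha256> <octal mode> <uid> <gid> <path>
# Assumes GNU coreutils (sha256sum, stat -c) and no newlines in file names.

# Print the property record for one file.
props_record() {
    digest=$(sha256sum < "$1" | cut -d' ' -f1)
    printf '%s %s %s\n' "$digest" "$(stat -c '%a %u %g' "$1")" "$1"
}

# baseline_update DIR DB: rebuild DB from whatever is in DIR right now.
# Like --propupd, this trusts the current state, so run it on a known-good system.
baseline_update() {
    find "$1" -type f | sort | while IFS= read -r f; do
        props_record "$f"
    done > "$2"
}

# baseline_check DIR DB: print one warning per deviation; return 1 if any.
baseline_check() {
    warnings=$(
        # Baseline entries that are now missing or whose properties differ.
        while read -r hash mode uid gid file; do
            if [ ! -f "$file" ]; then
                echo "Warning: $file is missing"
            elif [ "$(props_record "$file")" != "$hash $mode $uid $gid $file" ]; then
                echo "Warning: file properties have changed: $file"
            fi
        done < "$2"
        # Files present now that the baseline has never seen.
        find "$1" -type f | sort | while IFS= read -r f; do
            cut -d' ' -f5- "$2" | grep -qxF -- "$f" ||
                echo "Warning: $f is not in the baseline"
        done
    )
    [ -z "$warnings" ] && return 0
    printf '%s\n' "$warnings"
    return 1
}

# Constructed demo: baseline a scratch directory, then modify one file.
demo=$(mktemp -d)
printf 'original\n' > "$demo/tool"
baseline_update "$demo" "$demo.db"
printf 'modified\n' > "$demo/tool"
baseline_check "$demo" "$demo.db" || echo "scan finished with warnings"
rm -rf "$demo" "$demo.db"
```

Keeping the baseline file outside the scanned directory, as the demo does, stops the scan from reporting its own database; a change made before the baseline was taken is not reported.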


