Rootkit Hunter, security monitoring and analyzing tool

Category: Linux

Rootkit Hunter (commonly abbreviated as “RKH”) is a security monitoring and analyzing tool for POSIX-compliant systems. It helps you detect known rootkits and malware and flags general bad security practices. Rootkits have a characteristic structure and place files in certain locations; the Rootkit Hunter team catalogues these traits, much like virus signatures, and RKH checks the system against them. RKH also offers additional scans (file property comparison, suspicious file types, and so on) that may assist you.

Installation:
cd /home/gordy/......   (skip this if you are already in the directory holding the tarball)
tar zxvf rkhunter-1.3.2.tar.gz
cd rkhunter-1.3.2/
sh installer.sh --layout default --install

Propupd:
rkhunter --propupd
This updates (or first creates) RKH's stored database of system file properties (hashes, sizes, permissions, and so on). It is a necessary step to establish the baseline that later scans are compared against, so run it on a system you trust to be clean: whatever state the files are in when you run --propupd becomes the "known good" reference, and a file that is already tampered with would be baselined as normal.

Update:
rkhunter --update

First Scan:
rkhunter -c -sk
-c (--check) runs the scan; -sk (--skip-keypress) stops RKH from pausing for a key press between groups of tests, so the whole run completes unattended.

AUTOMATIC:
add into /etc/crontab
30 14 * * * root /usr/local/bin/rkhunter --cronjob --update --rwo --nocolors
At 14:30 (2:30 pm) every day, this updates any stale data files and then runs an RKH scan, reporting warnings only (--rwo) and without terminal colour codes (--nocolors). Because cron mails a job's output to its owner (here root), mail is only produced when warnings are found; a clean run prints nothing and sends nothing.
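The steps above (update, non-interactive scan, warnings-only output) can be tied together in a small POSIX shell wrapper that also interprets what came back, which is useful when the cron mail arrives and you want a quick count of what was flagged. This is an added example, not code from the post or from the Rootkit Hunter project. It assumes rkhunter is installed at /usr/local/bin/rkhunter (the path in the crontab line above, overridable through the RKH variable); the sample output embedded below is constructed for demonstration and is not output from a real scan.

```shell
#!/bin/sh
# Added example (not from the post or the rkhunter project).
# Assumption: rkhunter lives at /usr/local/bin/rkhunter unless RKH is set.
RKH=${RKH:-/usr/local/bin/rkhunter}

# Re-create the file properties baseline. Only do this on a system you
# trust to be clean, because the current state becomes the reference.
rkh_baseline() {
    "$RKH" --propupd
}

# The post's sequence as one function: refresh data files, then run an
# unattended check that prints warnings only. Returns rkhunter's exit
# status (0 = no warnings, non-zero = warnings or an error).
rkh_scan() {
    "$RKH" --update --nocolors >/dev/null 2>&1
    "$RKH" --check --skip-keypress --report-warnings-only --nocolors
}

# Translate rkhunter's exit status into a one-word verdict.
rkh_verdict() {
    case "$1" in
        0) echo "clean" ;;
        1) echo "warnings" ;;
        *) echo "error" ;;
    esac
}

# Count the checks rkhunter flagged. rkhunter marks a failed check with
# "[ Warning ]" at the end of the line. Reads scan output from stdin;
# grep -c prints 0 (and exits 1) when nothing matches, hence the || true.
rkh_count_warnings() {
    n=$(grep -c '\[ Warning ]') || true
    echo "${n:-0}"
}

# Print just the names of the flagged checks (the text before "[ Warning ]"),
# one per line, for a compact summary in the cron mail or a ticket.
rkh_flagged_items() {
    sed -n 's/^[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*\[ Warning ].*/\1/p'
}

# Constructed sample of what --rwo output looks like when two checks fail.
# The hashes are placeholders, not values from any real system.
SAMPLE_RWO_OUTPUT='Warning: The file properties have changed:
         File: /usr/bin/ls
         Current hash: 0000000000000000000000000000000000000000
         Stored hash : 1111111111111111111111111111111111111111
  /usr/bin/ls                                              [ Warning ]
Warning: Suspicious file types found in /dev:
  Checking /dev for suspicious file types                  [ Warning ]'

# Stand-alone usage: run a real scan if rkhunter is installed, otherwise
# summarise the constructed sample so the helpers can be seen working.
if [ -x "$RKH" ]; then
    out=$(rkh_scan)
    rc=$?
    echo "verdict: $(rkh_verdict "$rc")"
    printf '%s\n' "$out" | rkh_flagged_items
else
    echo "rkhunter not found at $RKH; summarising constructed sample output"
    printf '%s\n' "$SAMPLE_RWO_OUTPUT" | rkh_flagged_items
    echo "flagged checks: $(printf '%s\n' "$SAMPLE_RWO_OUTPUT" | rkh_count_warnings)"
fi
```

Because rkhunter's exit status already distinguishes a clean run from one with warnings, a cron job or monitoring agent can branch on rkh_verdict rather than parsing text; the flagged-item list is for the human reading the mail. For the "file properties have changed" case in particular, confirm whether a legitimate package update touched the file before re-running --propupd, since re-baselining silently accepts the new state.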
Reference:
HomePage
ManPage
