October 17, 2016

CentOS 7 - Install Root Kit Hunter (rkhunter)

Rootkits and backdoors are among the worst kinds of compromise a computer can suffer. To help detect rootkits, backdoors and other security problems, you can install and use rkhunter.

Note: To install rkhunter, you must have installed and enabled EPEL. To do this you can follow our EPEL tutorial on how to install and setup EPEL.

To install rkhunter, open a terminal, type in the following command and press ENTER on your keyboard.

sudo yum install rkhunter

Once installed, we need to perform some housekeeping by updating rkhunter. In the terminal, type in the following commands one at a time and press ENTER on your keyboard after each.

sudo rkhunter --update

sudo rkhunter --propupd

To run a manual scan, issue the following command in the terminal and press ENTER on the keyboard.

sudo rkhunter -c

If, like us, you prefer to automate tasks, let us create a script that runs rkhunter daily and then emails us the results.

In the terminal, type the following command and press ENTER on your keyboard.

sudo vim /etc/cron.daily/rkhunter_cron.sh

Input the text below.

#!/bin/sh
# Run the version check, the database update and the scan, then mail the combined output.
(
rkhunter --versioncheck
rkhunter --update
rkhunter -c --cronjob --enable all --disable none
) | mail -s "rkhunter daily scan..." youremail@address.com

Note: Please replace youremail@address.com with your own email address.

Note: Gmail users, and users of other mail services that require SMTP authentication to send, should use the script below instead.

#!/bin/sh
# Same scan as above, but the output is sent through an authenticated SMTP server with mailx.
# ssl-verify=ignore disables certificate checking of the SMTP server.
(
rkhunter --versioncheck
rkhunter --update
rkhunter -c --cronjob --enable all --disable none
) | mailx -v -s "rkhunter daily scan..." -S smtp-use-starttls -S ssl-verify=ignore -S smtp-auth=login -S smtp=smtp://smtp.gmail.com:587 -S from="youremail@address.com" -S smtp-auth-user=youremail@address.com -S smtp-auth-password=yourpassword -S nss-config-dir="/etc/pki/nssdb/" youremail@address.com

Note: Please replace youremail@address.com with your own email address. Also replace yourpassword with your mail service password. Because this password is stored in plain text, make sure the script is readable only by root (for example with sudo chmod 700 on the file) rather than leaving it world-readable.

Once done, save and exit the file.

We now need to make our script executable. In the terminal, type the following command and press ENTER on your keyboard.

sudo chmod +x /etc/cron.daily/rkhunter_cron.sh

You can now look forward to daily emails delivered from rkhunter.
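The daily script above mails the full transcript every day. As an added example (not from the original post), here is a wrapper for /etc/cron.daily that mails only when rkhunter reports warnings or fails, with a subject line that states the outcome. It assumes rkhunter and mail(1) from the steps above; youremail@address.com is a placeholder, and the helper functions can be exercised without rkhunter installed.

```shell
#!/bin/sh
# Added example (not from the original post): a /etc/cron.daily wrapper that
# mails only when rkhunter reports warnings or fails, instead of sending the
# whole transcript every day. Assumes rkhunter and mail(1) from the steps above.
# RECIPIENT is a placeholder; the helper functions need no rkhunter to be tested.

RECIPIENT="youremail@address.com"   # placeholder, replace with your address

# Number of warning lines in a "--cronjob --rwo" transcript (file given as $1).
# "|| true" keeps grep's exit status 1 (no match) from being treated as failure.
count_warnings() {
    grep -c '^Warning:' "$1" || true
}

# Decide whether to mail: $1 is rkhunter's exit status (non-zero when it found
# warnings or could not run), $2 is the transcript file. Returns 0 = send mail.
should_alert() {
    [ "$1" -ne 0 ] || [ "$(count_warnings "$2")" -gt 0 ]
}

# Subject line that states the outcome, so a mailbox can be triaged at a glance.
subject_for() {
    n="$(count_warnings "$1")"
    if [ "$n" -gt 0 ]; then
        echo "rkhunter: $n warning(s) on $(uname -n)"
    else
        echo "rkhunter: scan clean on $(uname -n)"
    fi
}

main() {
    transcript="$(mktemp /tmp/rkhunter.XXXXXX)"
    trap 'rm -f "$transcript"' EXIT
    rkhunter --update >"$transcript" 2>&1
    # --rwo (report warnings only) keeps the transcript to the lines that matter.
    rkhunter -c --cronjob --rwo --enable all --disable none >>"$transcript" 2>&1
    status=$?
    if should_alert "$status" "$transcript"; then
        {
            echo "rkhunter exit status: $status"
            cat "$transcript"
        } | mail -s "$(subject_for "$transcript")" "$RECIPIENT"
    fi
}

# Only start a scan when rkhunter is actually installed on this host.
if command -v rkhunter >/dev/null 2>&1; then
    main
fi
```

A clean day produces no mail at all, so any message from this job deserves a look.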

Note: We used --propupd earlier. To read more about it, please use the following link.

rkhunter --propupd information
