First, let's answer a simple question: what is Rkhunter?
Rkhunter (Rootkit Hunter) is an open source scanner tool for Unix/Linux systems, released under the GPL, that scans for backdoors, rootkits and local exploits on your systems.
It checks for hidden files, wrong permissions set on binaries, suspicious strings in the kernel, etc.
To learn more about Rkhunter and its features, visit Rootkit.nl - Protect your machine.
Here we are going to help you install RKhunter on your Linux Dedicated/VPS box, step by step!
Step 1
First, download the latest stable version of the Rkhunter tool by going to Rootkit Hunter, or use the following wget command to download the tar file to your box.
cd /tmp
wget http://sourceforge.net/projects/rkhunter/files/rkhunter/1.4.2/rkhunter-1.4.2.tar.gz
*Note: by the time you read this post the version might have changed, so look up the current version first and adjust the wget command accordingly.
Step 2
Now that you have the latest version it's time to do some real work with RKhunter: extract the archive and run the installer.
tar -xvf rkhunter-1.4.2.tar.gz
cd rkhunter-1.4.2
./installer.sh --layout default --install
Step 3
Let's create a cron job and have an email alert whenever our box gets scanned by RKhunter.
Create a file called rkhunter.sh under /etc/cron.daily/, which then scans your file system every day and sends email notifications to your email address.
nano /etc/cron.daily/rkhunter.sh
Now add the following lines to that file:
#!/bin/sh
(
/usr/local/bin/rkhunter --versioncheck
/usr/local/bin/rkhunter --update
/usr/local/bin/rkhunter --cronjob --report-warnings-only
) | /bin/mail -s 'rkhunter Daily Run (YourServerName)' your@email.com
*Make sure you change YourServerName and your@email.com to your own values.
Save the file and then chmod it so it has execute permissions.
chmod 755 /etc/cron.daily/rkhunter.sh
If you have just installed RKhunter and would like to check your box for any problems, you can run it manually using the following command line: rkhunter --check
Even though you can see the results on screen, you can also check the log file that RKhunter creates under /var/log/rkhunter.log.
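The log check described above can be scripted. The following is an added example, not part of the original post or of RKhunter itself: the function names are hypothetical, the sample log lines are constructed, and it assumes warnings are logged as "[HH:MM:SS] Warning: <message>" lines.

```sh
#!/bin/sh
# Added example: triage helpers for the rkhunter log (not part of rkhunter).
# Assumption: warnings are logged as "[HH:MM:SS] Warning: <message>".

# Print every warning message in the log file $1, timestamp stripped.
rkhunter_warnings() {
    sed -n 's/^\[[0-9:]*][[:space:]]*Warning:[[:space:]]*//p' "$1"
}

# Print the number of warning messages in the log file $1.
rkhunter_warning_count() {
    rkhunter_warnings "$1" | wc -l | tr -d ' '
}

# Exit status: 0 = no warnings, 1 = warnings present,
# 2 = log missing or unreadable (the scan may not have run at all).
rkhunter_log_status() {
    [ -r "$1" ] || return 2
    [ "$(rkhunter_warning_count "$1")" -eq 0 ]
}

# Write a constructed sample log to $1 so the example runs offline.
write_sample_log() {
    cat > "$1" <<'EOF'
[03:10:01] Info: Starting test name 'properties'
[03:10:02]   /usr/bin/curl                                   [ OK ]
[03:10:02]   /usr/sbin/sshd                                  [ Warning ]
[03:10:02] Warning: The file properties have changed:
[03:10:02]          File: /usr/sbin/sshd
[03:10:09] Warning: Hidden directory found: /dev/.example
[03:10:15] Info: End of constructed sample
EOF
}

# Demo on the constructed sample; on a real box pass /var/log/rkhunter.log.
log=$(mktemp)
write_sample_log "$log"
rkhunter_log_status "$log" || echo "warnings found: $(rkhunter_warning_count "$log")"
rkhunter_warnings "$log"
rm -f "$log"
```

Treat exit status 2 as an alert in its own right: a missing log on a box with the daily cron job installed means the scan did not run.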
Update RKhunter
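If you want to update RKhunter (you always need to keep your box updated and patched, don't forget that) you can execute the following commands using SSH. The second command, --propupd, rebuilds the stored file-properties baseline from the files currently on disk, so run it only when you trust the box to be clean, for example right after installation or after a package update you performed yourself.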
/usr/local/bin/rkhunter --update
/usr/local/bin/rkhunter --propupd